1. 10 May, 2024 2 commits
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v6.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 98957025
      Linus Torvalds authored
      Pull iommu fixes from Joerg Roedel:
      
       - Fix offset miscalculation on ARM-SMMU driver
      
       - AMD IOMMU fix for initializing state of untrusted devices
      
      * tag 'iommu-fixes-v6.9-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()
        iommu/amd: Enhance def_domain_type to handle untrusted device
      98957025
    • Jason Gunthorpe's avatar
      iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() · 65ade565
      Jason Gunthorpe authored
      This was missed because of the function pointer indirection.
      
      nvidia_smmu_context_fault() is also installed as a irq function, and the
      'void *' was changed to a struct arm_smmu_domain. Since the iommu_domain
      is embedded at a non-zero offset this causes nvidia_smmu_context_fault()
      to miscompute the offset. Fixup the types.
      
        Unable to handle kernel NULL pointer dereference at virtual address 0000000000000120
        Mem abort info:
          ESR = 0x0000000096000004
          EC = 0x25: DABT (current EL), IL = 32 bits
          SET = 0, FnV = 0
          EA = 0, S1PTW = 0
          FSC = 0x04: level 0 translation fault
        Data abort info:
          ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
          CM = 0, WnR = 0, TnD = 0, TagAccess = 0
          GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
        user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107c9f000
        [0000000000000120] pgd=0000000000000000, p4d=0000000000000000
        Internal error: Oops: 0000000096000004 [#1] SMP
        Modules linked in:
        CPU: 1 PID: 47 Comm: kworker/u25:0 Not tainted 6.9.0-0.rc7.58.eln136.aarch64 #1
        Hardware name: Unknown NVIDIA Jetson Orin NX/NVIDIA Jetson Orin NX, BIOS 3.1-32827747 03/19/2023
        Workqueue: events_unbound deferred_probe_work_func
        pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
        pc : nvidia_smmu_context_fault+0x1c/0x158
        lr : __free_irq+0x1d4/0x2e8
        sp : ffff80008044b6f0
        x29: ffff80008044b6f0 x28: ffff000080a60b18 x27: ffffd32b5172e970
        x26: 0000000000000000 x25: ffff0000802f5aac x24: ffff0000802f5a30
        x23: ffff0000802f5b60 x22: 0000000000000057 x21: 0000000000000000
        x20: ffff0000802f5a00 x19: ffff000087d4cd80 x18: ffffffffffffffff
        x17: 6234362066666666 x16: 6630303078302d30 x15: ffff00008156d888
        x14: 0000000000000000 x13: ffff0000801db910 x12: ffff00008156d6d0
        x11: 0000000000000003 x10: ffff0000801db918 x9 : ffffd32b50f94d9c
        x8 : 1fffe0001032fda1 x7 : ffff00008197ed00 x6 : 000000000000000f
        x5 : 000000000000010e x4 : 000000000000010e x3 : 0000000000000000
        x2 : ffffd32b51720cd8 x1 : ffff000087e6f700 x0 : 0000000000000057
        Call trace:
         nvidia_smmu_context_fault+0x1c/0x158
         __free_irq+0x1d4/0x2e8
         free_irq+0x3c/0x80
         devm_free_irq+0x64/0xa8
         arm_smmu_domain_free+0xc4/0x158
         iommu_domain_free+0x44/0xa0
         iommu_deinit_device+0xd0/0xf8
         __iommu_group_remove_device+0xcc/0xe0
         iommu_bus_notifier+0x64/0xa8
         notifier_call_chain+0x78/0x148
         blocking_notifier_call_chain+0x4c/0x90
         bus_notify+0x44/0x70
         device_del+0x264/0x3e8
         pci_remove_bus_device+0x84/0x120
         pci_remove_root_bus+0x5c/0xc0
         dw_pcie_host_deinit+0x38/0xe0
         tegra_pcie_config_rp+0xc0/0x1f0
         tegra_pcie_dw_probe+0x34c/0x700
         platform_probe+0x70/0xe8
         really_probe+0xc8/0x3a0
         __driver_probe_device+0x84/0x160
         driver_probe_device+0x44/0x130
         __device_attach_driver+0xc4/0x170
         bus_for_each_drv+0x90/0x100
         __device_attach+0xa8/0x1c8
         device_initial_probe+0x1c/0x30
         bus_probe_device+0xb0/0xc0
         deferred_probe_work_func+0xbc/0x120
         process_one_work+0x194/0x490
         worker_thread+0x284/0x3b0
         kthread+0xf4/0x108
         ret_from_fork+0x10/0x20
        Code: a9b97bfd 910003fd a9025bf5 f85a0035 (b94122a1)
      
      Cc: stable@vger.kernel.org
      Fixes: e0976331 ("iommu/arm-smmu: Pass arm_smmu_domain to internal functions")
      Reported-by: default avatarJerry Snitselaar <jsnitsel@redhat.com>
      Closes: https://lore.kernel.org/all/jto5e3ili4auk6sbzpnojdvhppgwuegir7mpd755anfhwcbkfz@2u5gh7bxb4ivSigned-off-by: default avatarJason Gunthorpe <jgg@nvidia.com>
      Tested-by: default avatarJerry Snitselaar <jsnitsel@redhat.com>
      Acked-by: default avatarJerry Snitselaar <jsnitsel@redhat.com>
      Link: https://lore.kernel.org/r/0-v1-24ce064de41f+4ac-nvidia_smmu_fault_jgg@nvidia.comSigned-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      65ade565
  2. 09 May, 2024 20 commits
    • Linus Torvalds's avatar
      Merge tag 'hwmon-for-v6.9-rc8' of... · 448b3fe5
      Linus Torvalds authored
      Merge tag 'hwmon-for-v6.9-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
      
      Pull hwmon fixes from Guenter Roeck:
      
       - pmbus/ucd9000: Increase chip access delay to avoid random access
         errors
      
       - corsair-cpro: Protect kernel code against parallel hidraw access from
         userspace
      
      * tag 'hwmon-for-v6.9-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
        hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock
        hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event()
        hwmon: (corsair-cpro) Use a separate buffer for sending commands
      448b3fe5
    • Lakshmi Yadlapati's avatar
      hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us · 26e8383b
      Lakshmi Yadlapati authored
      Following the failure observed with a delay of 250us, experiments were
      conducted with various delays. It was found that a delay of 350us
      effectively mitigated the issue.
      
      To provide a more optimal solution while still allowing a margin for
      stability, the delay is being adjusted to 500us.
      Signed-off-by: default avatarLakshmi Yadlapati <lakshmiy@us.ibm.com>
      Link: https://lore.kernel.org/r/20240507194603.1305750-1-lakshmiy@us.ibm.com
      Fixes: 8d655e65 ("hwmon: (ucd90320) Add minimum delay between bus accesses")
      Reviewed-by: default avatarEddie James <eajames@linux.ibm.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      26e8383b
    • Linus Torvalds's avatar
      Merge tag 'net-6.9-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 8c3b7565
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from bluetooth and IPsec.
      
        The bridge patch is actually a follow-up to a recent fix in the same
        area. We have a pending v6.8 AF_UNIX regression; it should be solved
        soon, but not in time for this PR.
      
        Current release - regressions:
      
         - eth: ks8851: Queue RX packets in IRQ handler instead of disabling
           BHs
      
         - net: bridge: fix corrupted ethernet header on multicast-to-unicast
      
        Current release - new code bugs:
      
         - xfrm: fix possible bad pointer derferencing in error path
      
        Previous releases - regressionis:
      
         - core: fix out-of-bounds access in ops_init
      
         - ipv6:
            - fix potential uninit-value access in __ip6_make_skb()
            - fib6_rules: avoid possible NULL dereference in fib6_rule_action()
      
         - tcp: use refcount_inc_not_zero() in tcp_twsk_unique().
      
         - rtnetlink: correct nested IFLA_VF_VLAN_LIST attribute validation
      
         - rxrpc: fix congestion control algorithm
      
         - bluetooth:
            - l2cap: fix slab-use-after-free in l2cap_connect()
            - msft: fix slab-use-after-free in msft_do_close()
      
         - eth: hns3: fix kernel crash when devlink reload during
           initialization
      
         - eth: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21
           family
      
        Previous releases - always broken:
      
         - xfrm: preserve vlan tags for transport mode software GRO
      
         - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
      
         - eth: hns3: keep using user config after hardware reset"
      
      * tag 'net-6.9-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (47 commits)
        net: dsa: mv88e6xxx: read cmode on mv88e6320/21 serdes only ports
        net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family
        net: hns3: fix kernel crash when devlink reload during initialization
        net: hns3: fix port vlan filter not disabled issue
        net: hns3: use appropriate barrier function after setting a bit value
        net: hns3: release PTP resources if pf initialization failed
        net: hns3: change type of numa_node_mask as nodemask_t
        net: hns3: direct return when receive a unknown mailbox message
        net: hns3: using user configure after hardware reset
        net/smc: fix neighbour and rtable leak in smc_ib_find_route()
        ipv6: prevent NULL dereference in ip6_output()
        hsr: Simplify code for announcing HSR nodes timer setup
        ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
        dt-bindings: net: mediatek: remove wrongly added clocks and SerDes
        rxrpc: Only transmit one ACK per jumbo packet received
        rxrpc: Fix congestion control algorithm
        selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC
        ipv6: Fix potential uninit-value access in __ip6_make_skb()
        net: phy: marvell-88q2xxx: add support for Rev B1 and B2
        appletalk: Improve handling of broadcast packets
        ...
      8c3b7565
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux · 62788b0f
      Linus Torvalds authored
      Pull ARM fix from Russell King:
      
       - clear stale KASan stack poison when a CPU resumes
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux:
        ARM: 9381/1: kasan: clear stale stack poison
      62788b0f
    • Linus Torvalds's avatar
      Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 1bbc9915
      Linus Torvalds authored
      Pull dentry leak fix from Al Viro:
       "Dentry leak fix in the qibfs driver that I forgot to send a pull
        request for ;-/
      
        My apologies - it actually sat in vfs.git#fixes for more than two
        months..."
      
      * tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        qibfs: fix dentry leak
      1bbc9915
    • Steffen Bätz's avatar
      net: dsa: mv88e6xxx: read cmode on mv88e6320/21 serdes only ports · 6e7ffa18
      Steffen Bätz authored
      On the mv88e6320 and 6321 switch family, port 0/1 are serdes only ports.
      Modified the mv88e6352_get_port4_serdes_cmode function to pass a port
      number since the register set of the 6352 is equal on the 6320/21.
      Signed-off-by: default avatarSteffen Bätz <steffen@innosonix.de>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Reviewed-by: default avatarFabio Estevam <festevam@gmail.com>
      Link: https://lore.kernel.org/r/20240508072944.54880-3-steffen@innosonix.deSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      6e7ffa18
    • Steffen Bätz's avatar
      net: dsa: mv88e6xxx: add phylink_get_caps for the mv88e6320/21 family · f39bf3cf
      Steffen Bätz authored
      As of commit de5c9bf4 ("net: phylink: require supported_interfaces to
      be filled")
      Marvell 88e6320/21 switches fail to be probed:
      
      ...
      mv88e6085 30be0000.ethernet-1:00: phylink: error: empty supported_interfaces
      error creating PHYLINK: -22
      ...
      
      The problem stems from the use of mv88e6185_phylink_get_caps() to get
      the device capabilities.
      Since there are serdes only ports 0/1 included, create a new dedicated
      phylink_get_caps for the 6320 and 6321 to properly support their
      set of capabilities.
      
      Fixes: de5c9bf4 ("net: phylink: require supported_interfaces to be filled")
      Signed-off-by: default avatarSteffen Bätz <steffen@innosonix.de>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Reviewed-by: default avatarFabio Estevam <festevam@gmail.com>
      Link: https://lore.kernel.org/r/20240508072944.54880-2-steffen@innosonix.deSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      f39bf3cf
    • Paolo Abeni's avatar
      Merge branch 'there-are-some-bugfix-for-the-hns3-ethernet-driver' · 393ceeb9
      Paolo Abeni authored
      Jijie Shao says:
      
      ====================
      There are some bugfix for the HNS3 ethernet driver
      ====================
      
      Link: https://lore.kernel.org/r/20240507134224.2646246-1-shaojijie@huawei.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      393ceeb9
    • Yonglong Liu's avatar
      net: hns3: fix kernel crash when devlink reload during initialization · 35d92abf
      Yonglong Liu authored
      The devlink reload process will access the hardware resources,
      but the register operation is done before the hardware is initialized.
      So, processing the devlink reload during initialization may lead to kernel
      crash.
      
      This patch fixes this by registering the devlink after
      hardware initialization.
      
      Fixes: cd624299 ("net: hns3: add support for registering devlink for VF")
      Fixes: 93305b77 ("net: hns3: fix kernel crash when devlink reload during pf initialization")
      Signed-off-by: default avatarYonglong Liu <liuyonglong@huawei.com>
      Signed-off-by: default avatarJijie Shao <shaojijie@huawei.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      35d92abf
    • Yonglong Liu's avatar
      net: hns3: fix port vlan filter not disabled issue · f5db7a3b
      Yonglong Liu authored
      According to hardware limitation, for device support modify
      VLAN filter state but not support bypass port VLAN filter,
      it should always disable the port VLAN filter. but the driver
      enables port VLAN filter when initializing, if there is no
      VLAN(except VLAN 0) id added, the driver will disable it
      in service task. In most time, it works fine. But there is
      a time window before the service task shceduled and net device
      being registered. So if user adds VLAN at this time, the driver
      will not update the VLAN filter state,  and the port VLAN filter
      remains enabled.
      
      To fix the problem, if support modify VLAN filter state but not
      support bypass port VLAN filter, set the port vlan filter to "off".
      
      Fixes: 184cd221 ("net: hns3: disable port VLAN filter when support function level VLAN filter control")
      Fixes: 2ba30662 ("net: hns3: add support for modify VLAN filter state")
      Signed-off-by: default avatarYonglong Liu <liuyonglong@huawei.com>
      Signed-off-by: default avatarJijie Shao <shaojijie@huawei.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      f5db7a3b
    • Peiyang Wang's avatar
      net: hns3: use appropriate barrier function after setting a bit value · 094c2812
      Peiyang Wang authored
      There is a memory barrier in followed case. When set the port down,
      hclgevf_set_timmer will set DOWN in state. Meanwhile, the service task has
      different behaviour based on whether the state is DOWN. Thus, to make sure
      service task see DOWN, use smp_mb__after_atomic after calling set_bit().
      
                CPU0                        CPU1
      ========================== ===================================
      hclgevf_set_timer_task()    hclgevf_periodic_service_task()
        set_bit(DOWN,state)         test_bit(DOWN,state)
      
      pf also has this issue.
      
      Fixes: ff200099 ("net: hns3: remove unnecessary work in hclgevf_main")
      Fixes: 1c6dfe6f ("net: hns3: remove mailbox and reset work in hclge_main")
      Signed-off-by: default avatarPeiyang Wang <wangpeiyang1@huawei.com>
      Signed-off-by: default avatarJijie Shao <shaojijie@huawei.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      094c2812
    • Peiyang Wang's avatar
      net: hns3: release PTP resources if pf initialization failed · 950aa423
      Peiyang Wang authored
      During the PF initialization process, hclge_update_port_info may return an
      error code for some reason. At this point,  the ptp initialization has been
      completed. To void memory leaks, the resources that are applied by ptp
      should be released. Therefore, when hclge_update_port_info returns an error
      code, hclge_ptp_uninit is called to release the corresponding resources.
      
      Fixes: eaf83ae5 ("net: hns3: add querying fec ability from firmware")
      Signed-off-by: default avatarPeiyang Wang <wangpeiyang1@huawei.com>
      Signed-off-by: default avatarJijie Shao <shaojijie@huawei.com>
      Reviewed-by: default avatarHariprasad Kelam <hkelam@marvell.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      950aa423
    • Peiyang Wang's avatar
      net: hns3: change type of numa_node_mask as nodemask_t · 6639a7b9
      Peiyang Wang authored
      It provides nodemask_t to describe the numa node mask in kernel. To
      improve transportability, change the type of numa_node_mask as nodemask_t.
      
      Fixes: 38caee9d ("net: hns3: Add support of the HNAE3 framework")
      Signed-off-by: default avatarPeiyang Wang <wangpeiyang1@huawei.com>
      Signed-off-by: default avatarJijie Shao <shaojijie@huawei.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      6639a7b9
    • Jian Shen's avatar
      net: hns3: direct return when receive a unknown mailbox message · 669554c5
      Jian Shen authored
      Currently, the driver didn't return when receive a unknown
      mailbox message, and continue checking whether need to
      generate a response. It's unnecessary and may be incorrect.
      
      Fixes: bb5790b7 ("net: hns3: refactor mailbox response scheme between PF and VF")
      Signed-off-by: default avatarJian Shen <shenjian15@huawei.com>
      Signed-off-by: default avatarJijie Shao <shaojijie@huawei.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      669554c5
    • Peiyang Wang's avatar
      net: hns3: using user configure after hardware reset · 05eb60e9
      Peiyang Wang authored
      When a reset occurring, it's supposed to recover user's configuration.
      Currently, the port info(speed, duplex and autoneg) is stored in hclge_mac
      and will be scheduled updated. Consider the case that reset was happened
      consecutively. During the first reset, the port info is configured with
      a temporary value cause the PHY is reset and looking for best link config.
      Second reset start and use pervious configuration which is not the user's.
      The specific process is as follows:
      
      +------+               +----+                +----+
      | USER |               | PF |                | HW |
      +---+--+               +-+--+                +-+--+
          |  ethtool --reset   |                     |
          +------------------->|    reset command    |
          |  ethtool --reset   +-------------------->|
          +------------------->|                     +---+
          |                    +---+                 |   |
          |                    |   |reset currently  |   | HW RESET
          |                    |   |and wait to do   |   |
          |                    |<--+                 |   |
          |                    | send pervious cfg   |<--+
          |                    | (1000M FULL AN_ON)  |
          |                    +-------------------->|
          |                    | read cfg(time task) |
          |                    | (10M HALF AN_OFF)   +---+
          |                    |<--------------------+   | cfg take effect
          |                    |    reset command    |<--+
          |                    +-------------------->|
          |                    |                     +---+
          |                    | send pervious cfg   |   | HW RESET
          |                    | (10M HALF AN_OFF)   |<--+
          |                    +-------------------->|
          |                    | read cfg(time task) |
          |                    |  (10M HALF AN_OFF)  +---+
          |                    |<--------------------+   | cfg take effect
          |                    |                     |   |
          |                    | read cfg(time task) |<--+
          |                    |  (10M HALF AN_OFF)  |
          |                    |<--------------------+
          |                    |                     |
          v                    v                     v
      
      To avoid aboved situation, this patch introduced req_speed, req_duplex,
      req_autoneg to store user's configuration and it only be used after
      hardware reset and to recover user's configuration
      
      Fixes: f5f2b3e4 ("net: hns3: add support for imp-controlled PHYs")
      Signed-off-by: default avatarPeiyang Wang <wangpeiyang1@huawei.com>
      Signed-off-by: default avatarJijie Shao <shaojijie@huawei.com>
      Reviewed-by: default avatarPrzemek Kitszel <przemyslaw.kitszel@intel.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      05eb60e9
    • Wen Gu's avatar
      net/smc: fix neighbour and rtable leak in smc_ib_find_route() · 2ddc0dd7
      Wen Gu authored
      In smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable
      resolved by ip_route_output_flow() are not released or put before return.
      It may cause the refcount leak, so fix it.
      
      Link: https://lore.kernel.org/r/20240506015439.108739-1-guwen@linux.alibaba.com
      Fixes: e5c4744c ("net/smc: add SMC-Rv2 connection establishment")
      Signed-off-by: default avatarWen Gu <guwen@linux.alibaba.com>
      Link: https://lore.kernel.org/r/20240507125331.2808-1-guwen@linux.alibaba.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      2ddc0dd7
    • Eric Dumazet's avatar
      ipv6: prevent NULL dereference in ip6_output() · 4db783d6
      Eric Dumazet authored
      According to syzbot, there is a chance that ip6_dst_idev()
      returns NULL in ip6_output(). Most places in IPv6 stack
      deal with a NULL idev just fine, but not here.
      
      syzbot reported:
      
      general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI
      KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]
      CPU: 0 PID: 9775 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00157-g6a30653b #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
       RIP: 0010:ip6_output+0x231/0x3f0 net/ipv6/ip6_output.c:237
      Code: 3c 1e 00 49 89 df 74 08 4c 89 ef e8 19 58 db f7 48 8b 44 24 20 49 89 45 00 49 89 c5 48 8d 9d e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 4c 8b 74 24 28 0f 85 61 01 00 00 8b 1b 31 ff
      RSP: 0018:ffffc9000927f0d8 EFLAGS: 00010202
      RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000040000
      RDX: ffffc900131f9000 RSI: 0000000000004f47 RDI: 0000000000004f48
      RBP: 0000000000000000 R08: ffffffff8a1f0b9a R09: 1ffffffff1f51fad
      R10: dffffc0000000000 R11: fffffbfff1f51fae R12: ffff8880293ec8c0
      R13: ffff88805d7fc000 R14: 1ffff1100527d91a R15: dffffc0000000000
      FS:  00007f135c6856c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000000020000080 CR3: 0000000064096000 CR4: 00000000003506f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       <TASK>
        NF_HOOK include/linux/netfilter.h:314 [inline]
        ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358
        sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248
        sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653
        sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783
        sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]
        sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212
        sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]
        sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169
        sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73
        __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234
        sctp_connect net/sctp/socket.c:4819 [inline]
        sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834
        __sys_connect_file net/socket.c:2048 [inline]
        __sys_connect+0x2df/0x310 net/socket.c:2065
        __do_sys_connect net/socket.c:2075 [inline]
        __se_sys_connect net/socket.c:2072 [inline]
        __x64_sys_connect+0x7a/0x90 net/socket.c:2072
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      Fixes: 778d80be ("ipv6: Add disable_ipv6 sysctl to disable IPv6 operaion on specific interface.")
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reviewed-by: default avatarLarysa Zaremba <larysa.zaremba@intel.com>
      Link: https://lore.kernel.org/r/20240507161842.773961-1-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      4db783d6
    • Lukasz Majewski's avatar
      hsr: Simplify code for announcing HSR nodes timer setup · 4893b8b3
      Lukasz Majewski authored
      Up till now the code to start HSR announce timer, which triggers sending
      supervisory frames, was assuming that hsr_netdev_notify() would be called
      at least twice for hsrX interface. This was required to have different
      values for old and current values of network device's operstate.
      
      This is problematic for a case where hsrX interface is already in the
      operational state when hsr_netdev_notify() is called, so timer is not
      configured to trigger and as a result the hsrX is not sending supervisory
      frames to HSR ring.
      
      This error has been discovered when hsr_ping.sh script was run. To be
      more specific - for the hsr1 and hsr2 the hsr_netdev_notify() was
      called at least twice with different IF_OPER_{LOWERDOWN|DOWN|UP} states
      assigned in hsr_check_carrier_and_operstate(hsr). As a result there was
      no issue with sending supervisory frames.
      However, with hsr3, the notify function was called only once with
      operstate set to IF_OPER_UP and timer responsible for triggering
      supervisory frames was not fired.
      
      The solution is to use netif_oper_up() and netif_running() helper
      functions to assess if network hsrX device is up.
      Only then, when the timer is not already pending, it is started.
      Otherwise it is deactivated.
      
      Fixes: f421436a ("net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)")
      Signed-off-by: default avatarLukasz Majewski <lukma@denx.de>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Link: https://lore.kernel.org/r/20240507111214.3519800-1-lukma@denx.deSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      4893b8b3
    • Eric Dumazet's avatar
      ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() · d101291b
      Eric Dumazet authored
      syzbot is able to trigger the following crash [1],
      caused by unsafe ip6_dst_idev() use.
      
      Indeed ip6_dst_idev() can return NULL, and must always be checked.
      
      [1]
      
      Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
      KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
      CPU: 0 PID: 31648 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240417-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
       RIP: 0010:__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline]
       RIP: 0010:fib6_rule_action+0x241/0x7b0 net/ipv6/fib6_rules.c:267
      Code: 02 00 00 49 8d 9f d8 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 f9 32 bf f7 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 e0 32 bf f7 4c 8b 03 48 89 ef 4c
      RSP: 0018:ffffc9000fc1f2f0 EFLAGS: 00010246
      RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1a772f98c8186700
      RDX: 0000000000000003 RSI: ffffffff8bcac4e0 RDI: ffffffff8c1f9760
      RBP: ffff8880673fb980 R08: ffffffff8fac15ef R09: 1ffffffff1f582bd
      R10: dffffc0000000000 R11: fffffbfff1f582be R12: dffffc0000000000
      R13: 0000000000000080 R14: ffff888076509000 R15: ffff88807a029a00
      FS:  00007f55e82ca6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000001b31d23000 CR3: 0000000022b66000 CR4: 00000000003506f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       <TASK>
        fib_rules_lookup+0x62c/0xdb0 net/core/fib_rules.c:317
        fib6_rule_lookup+0x1fd/0x790 net/ipv6/fib6_rules.c:108
        ip6_route_output_flags_noref net/ipv6/route.c:2637 [inline]
        ip6_route_output_flags+0x38e/0x610 net/ipv6/route.c:2649
        ip6_route_output include/net/ip6_route.h:93 [inline]
        ip6_dst_lookup_tail+0x189/0x11a0 net/ipv6/ip6_output.c:1120
        ip6_dst_lookup_flow+0xb9/0x180 net/ipv6/ip6_output.c:1250
        sctp_v6_get_dst+0x792/0x1e20 net/sctp/ipv6.c:326
        sctp_transport_route+0x12c/0x2e0 net/sctp/transport.c:455
        sctp_assoc_add_peer+0x614/0x15c0 net/sctp/associola.c:662
        sctp_connect_new_asoc+0x31d/0x6c0 net/sctp/socket.c:1099
        __sctp_connect+0x66d/0xe30 net/sctp/socket.c:1197
        sctp_connect net/sctp/socket.c:4819 [inline]
        sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834
        __sys_connect_file net/socket.c:2048 [inline]
        __sys_connect+0x2df/0x310 net/socket.c:2065
        __do_sys_connect net/socket.c:2075 [inline]
        __se_sys_connect net/socket.c:2072 [inline]
        __x64_sys_connect+0x7a/0x90 net/socket.c:2072
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      Fixes: 5e5f3f0f ("[IPV6] ADDRCONF: Convert ipv6_get_saddr() to ipv6_dev_get_saddr().")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reviewed-by: default avatarSimon Horman <horms@kernel.org>
      Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
      Link: https://lore.kernel.org/r/20240507163145.835254-1-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      d101291b
    • Daniel Golle's avatar
      dt-bindings: net: mediatek: remove wrongly added clocks and SerDes · cc349b07
      Daniel Golle authored
      Several clocks as well as both sgmiisys phandles were added by mistake
      to the Ethernet bindings for MT7988. Also, the total number of clocks
      didn't match with the actual number of items listed.
      
      This happened because the vendor driver which served as a reference uses
      a high number of syscon phandles to access various parts of the SoC
      which wasn't acceptable upstream. Hence several parts which have never
      previously been supported (such SerDes PHY and USXGMII PCS) are going to
      be implemented by separate drivers. As a result the device tree will
      look much more sane.
      
      Quickly align the bindings with the upcoming reality of the drivers
      actually adding support for the remaining Ethernet-related features of
      the MT7988 SoC.
      
      Fixes: c94a9aab ("dt-bindings: net: mediatek,net: add mt7988-eth binding")
      Signed-off-by: default avatarDaniel Golle <daniel@makrotopia.org>
      Acked-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
      Link: https://lore.kernel.org/r/1569290b21cc787a424469ed74456a7e976b102d.1715084326.git.daniel@makrotopia.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      cc349b07
  3. 08 May, 2024 16 commits
  4. 07 May, 2024 2 commits