From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8225CC43334 for ; Fri, 3 Jun 2022 17:40:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344703AbiFCRkp (ORCPT ); Fri, 3 Jun 2022 13:40:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55712 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344687AbiFCRke (ORCPT ); Fri, 3 Jun 2022 13:40:34 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC02553A44; Fri, 3 Jun 2022 10:40:27 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 83BC0B8242C; Fri, 3 Jun 2022 17:40:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id F09AAC385B8; Fri, 3 Jun 2022 17:40:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278025; bh=qQ9iHfZ6wugFmp1WHIWplmKG5JxaDYYR9rPylEzzdDw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=N0hvMffNW2nFLTzHEVHFHHhy1Sa1XjvK7onS4Lbt/LrEcGnLkzV2lN+52gaLAu/xc lWXydIwX5pSGHhcc01+0db3c5x10AHQY8YmN0AJJozXR8grCk6adUefzi/gnTR6F8H zO2vRz11+YZQSNLcqbuU7ZikpEi8RlOVbOwH68xg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jeremi Piotrowski , Dusty Mabe , Salvatore Bonaccorso , Thomas Gleixner , Noah Meyerhans , Noah Meyerhans Subject: [PATCH 4.14 01/23] x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests Date: Fri, 3 Jun 2022 19:39:28 +0200 Message-Id: <20220603173814.409505858@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Thomas Gleixner commit 7e0815b3e09986d2fe651199363e135b9358132a upstream. When a XEN_HVM guest uses the XEN PIRQ/Eventchannel mechanism, then PCI/MSI[-X] masking is solely controlled by the hypervisor, but contrary to XEN_PV guests this does not disable PCI/MSI[-X] masking in the PCI/MSI layer. This can lead to a situation where the PCI/MSI layer masks an MSI[-X] interrupt and the hypervisor grants the write despite the fact that it already requested the interrupt. As a consequence interrupt delivery on the affected device is not happening ever. Set pci_msi_ignore_mask to prevent that like it's done for XEN_PV guests already. Fixes: 809f9267bbab ("xen: map MSIs into pirqs") Reported-by: Jeremi Piotrowski Reported-by: Dusty Mabe Reported-by: Salvatore Bonaccorso Signed-off-by: Thomas Gleixner Tested-by: Noah Meyerhans Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/87tuaduxj5.ffs@tglx [nmeyerha@amazon.com: backported to 4.14] Signed-off-by: Noah Meyerhans Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- arch/x86/pci/xen.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/arch/x86/pci/xen.c +++ b/arch/x86/pci/xen.c @@ -442,6 +442,11 @@ void __init xen_msi_init(void) =20 x86_msi.setup_msi_irqs =3D xen_hvm_setup_msi_irqs; x86_msi.teardown_msi_irq =3D xen_teardown_msi_irq; + /* + * With XEN PIRQ/Eventchannels in use PCI/MSI[-X] masking is solely + * controlled by the hypervisor. + */ + pci_msi_ignore_mask =3D 1; } #endif From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36F23CCA47C for ; Fri, 3 Jun 2022 17:41:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344620AbiFCRlU (ORCPT ); Fri, 3 Jun 2022 13:41:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344656AbiFCRkj (ORCPT ); Fri, 3 Jun 2022 13:40:39 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4A9B653710; Fri, 3 Jun 2022 10:40:38 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CC67A61AFD; Fri, 3 Jun 2022 17:40:37 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D5912C385B8; Fri, 3 Jun 2022 17:40:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278037; bh=1I/4W29KUrH7k9H2Eyl8gUJVNfzH6A8M+djqcTF92tg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1/xOkgrC0mgNNWsNWmgaDjr0mTyaPz/PtpEl6N0zpAEDJBo04d8V/n1/e4ewpQPNE Q/o20V7pMe63dFlcJbr1tVnXiw+pezPtJxe2AtMyJDSL9cQbNTR5jrfsNO9fdJpKPs tGxzX4BA+/EXaVRh0YecG3UrlI5ccHpL1Q4Js+bw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Denis Efremov (Oracle)" Subject: [PATCH 4.14 02/23] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Date: Fri, 3 Jun 2022 19:39:29 +0200 Message-Id: <20220603173814.439377698@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: "Denis Efremov (Oracle)" This code has a check to prevent read overflow but it needs another check to prevent writing beyond the end of the ->Ssid[] array. Fixes: 554c0a3abf21 ("staging: Add rtl8723bs sdio wifi driver") Cc: stable Signed-off-by: Denis Efremov (Oracle) Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_linux.c @@ -1438,9 +1438,11 @@ static int rtw_wx_set_scan(struct net_de =20 sec_len =3D *(pos++); len-=3D 1; =20 - if (sec_len>0 && sec_len<=3Dlen) { + if (sec_len > 0 && + sec_len <=3D len && + sec_len <=3D 32) { ssid[ssid_index].SsidLength =3D sec_len; - memcpy(ssid[ssid_index].Ssid, pos, ssid[ssid_index].SsidLength); + memcpy(ssid[ssid_index].Ssid, pos, sec_len); /* DBG_871X("%s COMBO_SCAN with specific ssid:%s, %d\n", __func__ */ /* , ssid[ssid_index].Ssid, ssid[ssid_index].SsidLength); */ ssid_index++; From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6ACB9C43334 for ; Fri, 3 Jun 2022 17:41:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243564AbiFCRlb (ORCPT ); Fri, 3 Jun 2022 13:41:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56892 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344700AbiFCRkp (ORCPT ); Fri, 3 Jun 2022 13:40:45 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 61C535372D; Fri, 3 Jun 2022 10:40:43 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 944DFB8242C; Fri, 3 Jun 2022 17:40:41 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E3F0FC385A9; Fri, 3 Jun 2022 17:40:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278040; bh=eF2T/R2PDmwwBUaMI5JwQMzYr3QAKHOO0+H9xpsrUZQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=C+ZVsOPkdmbsHjHgtXuLQ5VvEJQrymWhjKYyumthem56JcU3gI6azNkbGHaC9ioOV Q26VsM/vuO2YA7lxStU8aN46XmzBJlTkOa5R+P6VcFEsMi/CUXYX3E9NmfypatqbKq 7L0+4c3sK3bHclgNV7JYwOX65oAHiydY7va0uCDw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , David Dworken , Willem de Bruijn , "David S. Miller" , Stefan Ghinea Subject: [PATCH 4.14 03/23] tcp: change source port randomizarion at connect() time Date: Fri, 3 Jun 2022 19:39:30 +0200 Message-Id: <20220603173814.469899201@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Eric Dumazet commit 190cc82489f46f9d88e73c81a47e14f80a791e1a upstream. RFC 6056 (Recommendations for Transport-Protocol Port Randomization) provides good summary of why source selection needs extra care. David Dworken reminded us that linux implements Algorithm 3 as described in RFC 6056 3.3.3 Quoting David : In the context of the web, this creates an interesting info leak where websites can count how many TCP connections a user's computer is establishing over time. For example, this allows a website to count exactly how many subresources a third party website loaded. This also allows: - Distinguishing between different users behind a VPN based on distinct source port ranges. - Tracking users over time across multiple networks. - Covert communication channels between different browsers/browser profiles running on the same computer - Tracking what applications are running on a computer based on the pattern of how fast source ports are getting incremented. Section 3.3.4 describes an enhancement, that reduces attackers ability to use the basic information currently stored into the shared 'u32 hint'. This change also decreases collision rate when multiple applications need to connect() to different destinations. Signed-off-by: Eric Dumazet Reported-by: David Dworken Cc: Willem de Bruijn Signed-off-by: David S. Miller [SG: Adjusted context] Signed-off-by: Stefan Ghinea Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- net/ipv4/inet_hashtables.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -587,6 +587,17 @@ void inet_unhash(struct sock *sk) } EXPORT_SYMBOL_GPL(inet_unhash); =20 +/* RFC 6056 3.3.4. Algorithm 4: Double-Hash Port Selection Algorithm + * Note that we use 32bit integers (vs RFC 'short integers') + * because 2^16 is not a multiple of num_ephemeral and this + * property might be used by clever attacker. + * RFC claims using TABLE_LENGTH=3D10 buckets gives an improvement, + * we use 256 instead to really give more isolation and + * privacy, this only consumes 1 KB of kernel memory. + */ +#define INET_TABLE_PERTURB_SHIFT 8 +static u32 table_perturb[1 << INET_TABLE_PERTURB_SHIFT]; + int __inet_hash_connect(struct inet_timewait_death_row *death_row, struct sock *sk, u32 port_offset, int (*check_established)(struct inet_timewait_death_row *, @@ -600,7 +611,7 @@ int __inet_hash_connect(struct inet_time struct inet_bind_bucket *tb; u32 remaining, offset; int ret, i, low, high; - static u32 hint; + u32 index; =20 if (port) { head =3D &hinfo->bhash[inet_bhashfn(net, port, @@ -625,7 +636,10 @@ int __inet_hash_connect(struct inet_time if (likely(remaining > 1)) remaining &=3D ~1U; =20 - offset =3D (hint + port_offset) % remaining; + net_get_random_once(table_perturb, sizeof(table_perturb)); + index =3D hash_32(port_offset, INET_TABLE_PERTURB_SHIFT); + + offset =3D (READ_ONCE(table_perturb[index]) + port_offset) % remaining; /* In first pass we try ports of @low parity. * inet_csk_get_port() does the opposite choice. */ @@ -678,7 +692,7 @@ next_port: return -EADDRNOTAVAIL; =20 ok: - hint +=3D i + 2; + WRITE_ONCE(table_perturb[index], READ_ONCE(table_perturb[index]) + i + 2); =20 /* Head lock still held and bh's disabled */ inet_bind_hash(sk, tb, port); From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AF89DC43334 for ; Fri, 3 Jun 2022 17:41:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344772AbiFCRlY (ORCPT ); Fri, 3 Jun 2022 13:41:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57686 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344768AbiFCRlG (ORCPT ); Fri, 3 Jun 2022 13:41:06 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6778C53A5C; Fri, 3 Jun 2022 10:40:46 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A0276B82432; Fri, 3 Jun 2022 17:40:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DDD77C385A9; Fri, 3 Jun 2022 17:40:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278043; bh=sN7wRxbdbo9D8Yq5WNQYC5GLQgZO7z+fJyeL/zVH8sU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SGFxvmWsawjoPC+rWMmlYnhYzVzCyC1McIlJUX/zCOLnyYpBfZBcuoNPOJVDba0gC EgR4THwCAopYI8CScr1Oh4q1UmDhszGJJ9h0qh9b/YJXWh4vW48XEvkEpowHt7v5WC NJiHUJHtvuFOcz3jwy7gsqeyc2C5MGGtyMPEG8RY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Jason A. Donenfeld" , Moshe Kol , Yossi Gilad , Amit Klein , Eric Dumazet , Willy Tarreau , Jakub Kicinski , Stefan Ghinea Subject: [PATCH 4.14 04/23] secure_seq: use the 64 bits of the siphash for port offset calculation Date: Fri, 3 Jun 2022 19:39:31 +0200 Message-Id: <20220603173814.498717948@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Willy Tarreau commit b2d057560b8107c633b39aabe517ff9d93f285e3 upstream. SipHash replaced MD5 in secure_ipv{4,6}_port_ephemeral() via commit 7cd23e5300c1 ("secure_seq: use SipHash in place of MD5"), but the output remained truncated to 32-bit only. In order to exploit more bits from the hash, let's make the functions return the full 64-bit of siphash_3u32(). We also make sure the port offset calculation in __inet_hash_connect() remains done on 32-bit to avoid the need for div_u64_rem() and an extra cost on 32-bit systems. Cc: Jason A. Donenfeld Cc: Moshe Kol Cc: Yossi Gilad Cc: Amit Klein Reviewed-by: Eric Dumazet Signed-off-by: Willy Tarreau Signed-off-by: Jakub Kicinski [SG: Adjusted context] Signed-off-by: Stefan Ghinea Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- include/net/inet_hashtables.h | 2 +- include/net/secure_seq.h | 4 ++-- net/core/secure_seq.c | 4 ++-- net/ipv4/inet_hashtables.c | 10 ++++++---- net/ipv6/inet6_hashtables.c | 4 ++-- 5 files changed, 13 insertions(+), 11 deletions(-) --- a/include/net/inet_hashtables.h +++ b/include/net/inet_hashtables.h @@ -390,7 +390,7 @@ static inline void sk_rcv_saddr_set(stru } =20 int __inet_hash_connect(struct inet_timewait_death_row *death_row, - struct sock *sk, u32 port_offset, + struct sock *sk, u64 port_offset, int (*check_established)(struct inet_timewait_death_row *, struct sock *, __u16, struct inet_timewait_sock **)); --- a/include/net/secure_seq.h +++ b/include/net/secure_seq.h @@ -4,8 +4,8 @@ =20 #include =20 -u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport); -u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, +u64 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport); +u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, __be16 dport); u32 secure_tcp_seq(__be32 saddr, __be32 daddr, __be16 sport, __be16 dport); --- a/net/core/secure_seq.c +++ b/net/core/secure_seq.c @@ -96,7 +96,7 @@ u32 secure_tcpv6_seq(const __be32 *saddr } EXPORT_SYMBOL(secure_tcpv6_seq); =20 -u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, +u64 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, __be16 dport) { const struct { @@ -145,7 +145,7 @@ u32 secure_tcp_seq(__be32 saddr, __be32 return seq_scale(hash); } =20 -u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport) +u64 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport) { net_secret_init(); return siphash_4u32((__force u32)saddr, (__force u32)daddr, --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -389,7 +389,7 @@ not_unique: return -EADDRNOTAVAIL; } =20 -static u32 inet_sk_port_offset(const struct sock *sk) +static u64 inet_sk_port_offset(const struct sock *sk) { const struct inet_sock *inet =3D inet_sk(sk); =20 @@ -599,7 +599,7 @@ EXPORT_SYMBOL_GPL(inet_unhash); static u32 table_perturb[1 << INET_TABLE_PERTURB_SHIFT]; =20 int __inet_hash_connect(struct inet_timewait_death_row *death_row, - struct sock *sk, u32 port_offset, + struct sock *sk, u64 port_offset, int (*check_established)(struct inet_timewait_death_row *, struct sock *, __u16, struct inet_timewait_sock **)) { @@ -639,7 +639,9 @@ int __inet_hash_connect(struct inet_time net_get_random_once(table_perturb, sizeof(table_perturb)); index =3D hash_32(port_offset, INET_TABLE_PERTURB_SHIFT); =20 - offset =3D (READ_ONCE(table_perturb[index]) + port_offset) % remaining; + offset =3D READ_ONCE(table_perturb[index]) + port_offset; + offset %=3D remaining; + /* In first pass we try ports of @low parity. * inet_csk_get_port() does the opposite choice. */ @@ -715,7 +717,7 @@ ok: int inet_hash_connect(struct inet_timewait_death_row *death_row, struct sock *sk) { - u32 port_offset =3D 0; + u64 port_offset =3D 0; =20 if (!inet_sk(sk)->inet_num) port_offset =3D inet_sk_port_offset(sk); --- a/net/ipv6/inet6_hashtables.c +++ b/net/ipv6/inet6_hashtables.c @@ -248,7 +248,7 @@ not_unique: return -EADDRNOTAVAIL; } =20 -static u32 inet6_sk_port_offset(const struct sock *sk) +static u64 inet6_sk_port_offset(const struct sock *sk) { const struct inet_sock *inet =3D inet_sk(sk); =20 @@ -260,7 +260,7 @@ static u32 inet6_sk_port_offset(const st int inet6_hash_connect(struct inet_timewait_death_row *death_row, struct sock *sk) { - u32 port_offset =3D 0; + u64 port_offset =3D 0; =20 if (!inet_sk(sk)->inet_num) port_offset =3D inet6_sk_port_offset(sk); From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id C23D9C43334 for ; Fri, 3 Jun 2022 17:41:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344729AbiFCRli (ORCPT ); Fri, 3 Jun 2022 13:41:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344716AbiFCRlH (ORCPT ); Fri, 3 Jun 2022 13:41:07 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F073C53A74; Fri, 3 Jun 2022 10:40:47 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1AC9E61AFD; Fri, 3 Jun 2022 17:40:47 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 23179C385B8; Fri, 3 Jun 2022 17:40:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278046; bh=2/eUY5HJlBIAAIiHk2QQP+pGXmnFeSwcIppQN6JtJJs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AVCNc8WZRydYfOz5ZqEXeyRPzNB08bkFofmGTQjwO1BJohUf3kRcHSIaUj4CXIK8/ JRJrpJadDrBwmd64veC2F1nqjQYKYwI7Lwh+ZXOnw8lXqFw5eH+Jvg/jJKuTJ9mW9F +Iy4I23rAD8Hme2m0JJxjoFtlvJdieYaVMEypbNA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andy Shevchenko , "Rafael J. Wysocki" , dann frazier Subject: [PATCH 4.14 05/23] ACPI: sysfs: Make sparse happy about address space in use Date: Fri, 3 Jun 2022 19:39:32 +0200 Message-Id: <20220603173814.528641585@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Andy Shevchenko commit bdd56d7d8931e842775d2e5b93d426a8d1940e33 upstream. Sparse is not happy about address space in use in acpi_data_show(): drivers/acpi/sysfs.c:428:14: warning: incorrect type in assignment (differe= nt address spaces) drivers/acpi/sysfs.c:428:14: expected void [noderef] __iomem *base drivers/acpi/sysfs.c:428:14: got void * drivers/acpi/sysfs.c:431:59: warning: incorrect type in argument 4 (differe= nt address spaces) drivers/acpi/sysfs.c:431:59: expected void const *from drivers/acpi/sysfs.c:431:59: got void [noderef] __iomem *base drivers/acpi/sysfs.c:433:30: warning: incorrect type in argument 1 (differe= nt address spaces) drivers/acpi/sysfs.c:433:30: expected void *logical_address drivers/acpi/sysfs.c:433:30: got void [noderef] __iomem *base Indeed, acpi_os_map_memory() returns a void pointer with dropped specific address space. Hence, we don't need to carry out __iomem in acpi_data_show(= ). Signed-off-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki Cc: dann frazier Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/acpi/sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/acpi/sysfs.c +++ b/drivers/acpi/sysfs.c @@ -435,7 +435,7 @@ static ssize_t acpi_data_show(struct fil loff_t offset, size_t count) { struct acpi_data_attr *data_attr; - void __iomem *base; + void *base; ssize_t rc; =20 data_attr =3D container_of(bin_attr, struct acpi_data_attr, attr); From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AF3E8C43334 for ; Fri, 3 Jun 2022 17:41:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344820AbiFCRlm (ORCPT ); Fri, 3 Jun 2022 13:41:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344830AbiFCRlL (ORCPT ); Fri, 3 Jun 2022 13:41:11 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C043E53B7F; Fri, 3 Jun 2022 10:40:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B43DEB82430; Fri, 3 Jun 2022 17:40:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 09ABDC385B8; Fri, 3 Jun 2022 17:40:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278049; bh=/6hYpM1FK3HHsmFSHCUL41bDLJyzzxRtY/h7B9oAOTY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=My2MvMuvQ0uThSJEgIYuHvXedoTOE7Fe7QxLd68OCzVbmRq/dCB7YTLH0zaLuRamz ad7pJRRAnG5mfcrYyHUY4vaDQ4CPg16rPlGF6qy7BWZ4vFXkV5t6omIyAIblGOsJgr OAApAtTOgjRv9Xodi+gUZSPRPwTUIEefq9ATRFtg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lorenzo Pieralisi , Veronika Kabatova , Aristeu Rozanski , Ard Biesheuvel , "Rafael J. Wysocki" , dann frazier Subject: [PATCH 4.14 06/23] ACPI: sysfs: Fix BERT error region memory mapping Date: Fri, 3 Jun 2022 19:39:33 +0200 Message-Id: <20220603173814.558870162@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Lorenzo Pieralisi commit 1bbc21785b7336619fb6a67f1fff5afdaf229acc upstream. Currently the sysfs interface maps the BERT error region as "memory" (through acpi_os_map_memory()) in order to copy the error records into memory buffers through memory operations (eg memory_read_from_buffer()). The OS system cannot detect whether the BERT error region is part of system RAM or it is "device memory" (eg BMC memory) and therefore it cannot detect which memory attributes the bus to memory support (and corresponding kernel mapping, unless firmware provides the required information). The acpi_os_map_memory() arch backend implementation determines the mapping attributes. On arm64, if the BERT error region is not present in the EFI memory map, the error region is mapped as device-nGnRnE; this triggers alignment faults since memcpy unaligned accesses are not allowed in device-nGnRnE regions. The ACPI sysfs code cannot therefore map by default the BERT error region with memory semantics but should use a safer default. Change the sysfs code to map the BERT error region as MMIO (through acpi_os_map_iomem()) and use the memcpy_fromio() interface to read the error region into the kernel buffer. Link: https://lore.kernel.org/linux-arm-kernel/31ffe8fc-f5ee-2858-26c5-0fd8= bdd68702@arm.com Link: https://lore.kernel.org/linux-acpi/CAJZ5v0g+OVbhuUUDrLUCfX_mVqY_e8ubg= LTU98=3DjfjTeb4t+Pw@mail.gmail.com Signed-off-by: Lorenzo Pieralisi Tested-by: Veronika Kabatova Tested-by: Aristeu Rozanski Acked-by: Ard Biesheuvel Signed-off-by: Rafael J. Wysocki Cc: dann frazier Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/acpi/sysfs.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) --- a/drivers/acpi/sysfs.c +++ b/drivers/acpi/sysfs.c @@ -435,19 +435,30 @@ static ssize_t acpi_data_show(struct fil loff_t offset, size_t count) { struct acpi_data_attr *data_attr; - void *base; - ssize_t rc; + void __iomem *base; + ssize_t size; =20 data_attr =3D container_of(bin_attr, struct acpi_data_attr, attr); + size =3D data_attr->attr.size; =20 - base =3D acpi_os_map_memory(data_attr->addr, data_attr->attr.size); + if (offset < 0) + return -EINVAL; + + if (offset >=3D size) + return 0; + + if (count > size - offset) + count =3D size - offset; + + base =3D acpi_os_map_iomem(data_attr->addr, size); if (!base) return -ENOMEM; - rc =3D memory_read_from_buffer(buf, count, &offset, base, - data_attr->attr.size); - acpi_os_unmap_memory(base, data_attr->attr.size); =20 - return rc; + memcpy_fromio(buf, base + offset, count); + + acpi_os_unmap_iomem(base, size); + + return count; } =20 static int acpi_bert_data_init(void *th, struct acpi_data_attr *data_attr) From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62062C433EF for ; Fri, 3 Jun 2022 17:41:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344828AbiFCRlp (ORCPT ); Fri, 3 Jun 2022 13:41:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56108 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344735AbiFCRlM (ORCPT ); Fri, 3 Jun 2022 13:41:12 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 74C2A53E0C; Fri, 3 Jun 2022 10:40:55 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id D2FA6B82437; Fri, 3 Jun 2022 17:40:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4F5FAC385A9; Fri, 3 Jun 2022 17:40:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278052; bh=gkk1sG4sOrtrmy6GTWLJGXeGCVo0l+3iQo2TZuJ6t8s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qrv2nb5rwhuJYyNeyes7G9S7HBmxd8j5Y2cO/r7fHkJ9BoygVyWWlNCBjQhj0Y86b MujJ23j3s1LBeun8A3XFzVqDaMuiQPBiLGANPGMaSYHPvDATsWy3V/62wm2PGjVK6s 8fsWrkvdqQVbpAiGJAErXrgA7ZzQAOdY2b/jvUwI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Thomas Bartschies , Steffen Klassert , Sasha Levin Subject: [PATCH 4.14 07/23] net: af_key: check encryption module availability consistency Date: Fri, 3 Jun 2022 19:39:34 +0200 Message-Id: <20220603173814.588665021@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Thomas Bartschies [ Upstream commit 015c44d7bff3f44d569716117becd570c179ca32 ] Since the recent introduction supporting the SM3 and SM4 hash algos for IPs= ec, the kernel produces invalid pfkey acquire messages, when these encryption modules are = disabled. This happens because the availability of the algos wasn't checked in all necessa= ry functions. This patch adds these checks. Signed-off-by: Thomas Bartschies Signed-off-by: Steffen Klassert Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- net/key/af_key.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/key/af_key.c b/net/key/af_key.c index 3d5a46080169..990de0702b79 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -2908,7 +2908,7 @@ static int count_ah_combs(const struct xfrm_tmpl *t) break; if (!aalg->pfkey_supported) continue; - if (aalg_tmpl_set(t, aalg)) + if (aalg_tmpl_set(t, aalg) && aalg->available) sz +=3D sizeof(struct sadb_comb); } return sz + sizeof(struct sadb_prop); @@ -2926,7 +2926,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t) if (!ealg->pfkey_supported) continue; =20 - if (!(ealg_tmpl_set(t, ealg))) + if (!(ealg_tmpl_set(t, ealg) && ealg->available)) continue; =20 for (k =3D 1; ; k++) { @@ -2937,7 +2937,7 @@ static int count_esp_combs(const struct xfrm_tmpl *t) if (!aalg->pfkey_supported) continue; =20 - if (aalg_tmpl_set(t, aalg)) + if (aalg_tmpl_set(t, aalg) && aalg->available) sz +=3D sizeof(struct sadb_comb); } } --=20 2.35.1 From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1E92EC433EF for ; Fri, 3 Jun 2022 17:41:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344884AbiFCRl4 (ORCPT ); Fri, 3 Jun 2022 13:41:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57690 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344847AbiFCRlM (ORCPT ); Fri, 3 Jun 2022 13:41:12 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A80453E15; Fri, 3 Jun 2022 10:40:56 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 18A3C61AFE; Fri, 3 Jun 2022 17:40:56 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1E7A3C385B8; Fri, 3 Jun 2022 17:40:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278055; bh=DZ/F7hfto6+zZNrsEDnnEnfL6SgqUExG+EhCpoew7Y8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=kIX1UJtaWGGgKvsg6MtCPut/5WFE1mh9emK1oYuNhHSLID0iV6gm+jk/1OWRCrWgX 6/XQlTdZrg/MAgN7ObFyIHEAAUOeBA1PietGg0LclySRCWYSIZjj4LpIlzRMlKkLNk MGmk9QSlFJ4fcTCX/X7kgxtGrVChSXTjWp+LNKi4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Wilder , Dylan Hung , Joel Stanley , "David S. Miller" , Sasha Levin Subject: [PATCH 4.14 08/23] net: ftgmac100: Disable hardware checksum on AST2600 Date: Fri, 3 Jun 2022 19:39:35 +0200 Message-Id: <20220603173814.619431272@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Joel Stanley [ Upstream commit 6fd45e79e8b93b8d22fb8fe22c32fbad7e9190bd ] The AST2600 when using the i210 NIC over NC-SI has been observed to produce incorrect checksum results with specific MTU values. This was first observed when sending data across a long distance set of networks. On a local network, the following test was performed using a 1MB file of random data. On the receiver run this script: #!/bin/bash while [ 1 ]; do # Zero the stats nstat -r > /dev/null nc -l 9899 > test-file # Check for checksum errors TcpInCsumErrors=3D$(nstat | grep TcpInCsumErrors) if [ -z "$TcpInCsumErrors" ]; then echo No TcpInCsumErrors else echo TcpInCsumErrors =3D $TcpInCsumErrors fi done On an AST2600 system: # nc 9899 < test-file The test was repeated with various MTU values: # ip link set mtu 1410 dev eth0 The observed results: 1500 - good 1434 - bad 1400 - good 1410 - bad 1420 - good The test was repeated after disabling tx checksumming: # ethtool -K eth0 tx-checksumming off And all MTU values tested resulted in transfers without error. An issue with the driver cannot be ruled out, however there has been no bug discovered so far. David has done the work to take the original bug report of slow data transfer between long distance connections and triaged it down to this test case. The vendor suspects this this is a hardware issue when using NC-SI. The fixes line refers to the patch that introduced AST2600 support. Reported-by: David Wilder Reviewed-by: Dylan Hung Signed-off-by: Joel Stanley Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/net/ethernet/faraday/ftgmac100.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/etherne= t/faraday/ftgmac100.c index f35c5dbe54ee..a1caca6accf3 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c +++ b/drivers/net/ethernet/faraday/ftgmac100.c @@ -1845,6 +1845,11 @@ static int ftgmac100_probe(struct platform_device *p= dev) /* AST2400 doesn't have working HW checksum generation */ if (np && (of_device_is_compatible(np, "aspeed,ast2400-mac"))) netdev->hw_features &=3D ~NETIF_F_HW_CSUM; + + /* AST2600 tx checksum with NCSI is broken */ + if (priv->use_ncsi && of_device_is_compatible(np, "aspeed,ast2600-mac")) + netdev->hw_features &=3D ~NETIF_F_HW_CSUM; + if (np && of_get_property(np, "no-hw-checksum", NULL)) netdev->hw_features &=3D ~(NETIF_F_HW_CSUM | NETIF_F_RXCSUM); netdev->features |=3D netdev->hw_features; --=20 2.35.1 From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01420C43334 for ; Fri, 3 Jun 2022 17:42:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344597AbiFCRmE (ORCPT ); Fri, 3 Jun 2022 13:42:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55494 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344618AbiFCRlX (ORCPT ); Fri, 3 Jun 2022 13:41:23 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 923D453E2C; Fri, 3 Jun 2022 10:40:59 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 30E6561B00; Fri, 3 Jun 2022 17:40:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 26D71C385A9; Fri, 3 Jun 2022 17:40:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278058; bh=PQnNo4qjHa38rWy1F+GxoQE+4yWWYf8kdz4fnLlJYmc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ih8wB8O4PniPnw6jlKwI8P+dnG4v+GgVFw/k0q0YKlkXtrtb41MecHzdgVIN138WZ T4Fyn5AAURMkGaI+3W0Hk2xXfh8iKaJUUlPOeNfY4npfk0MojHqmC/mYIlVD0bk5V2 k5RCOqM1QQwQv/DB7fH6GDcb5TUyEeUJTXYpFTnE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Szymon Balcerak , Piyush Malgujar , Wolfram Sang , Sasha Levin Subject: [PATCH 4.14 09/23] drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers Date: Fri, 3 Jun 2022 19:39:36 +0200 Message-Id: <20220603173814.649059852@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Piyush Malgujar [ Upstream commit 03a35bc856ddc09f2cc1f4701adecfbf3b464cb3 ] Due to i2c->adap.dev.fwnode not being set, ACPI_COMPANION() wasn't properly found for TWSI controllers. Signed-off-by: Szymon Balcerak Signed-off-by: Piyush Malgujar Signed-off-by: Wolfram Sang Signed-off-by: Sasha Levin Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/i2c/busses/i2c-thunderx-pcidrv.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/i2c/busses/i2c-thunderx-pcidrv.c b/drivers/i2c/busses/= i2c-thunderx-pcidrv.c index df0976f4432a..4f0456fe8691 100644 --- a/drivers/i2c/busses/i2c-thunderx-pcidrv.c +++ b/drivers/i2c/busses/i2c-thunderx-pcidrv.c @@ -215,6 +215,7 @@ static int thunder_i2c_probe_pci(struct pci_dev *pdev, i2c->adap.bus_recovery_info =3D &octeon_i2c_recovery_info; i2c->adap.dev.parent =3D dev; i2c->adap.dev.of_node =3D pdev->dev.of_node; + i2c->adap.dev.fwnode =3D dev->fwnode; snprintf(i2c->adap.name, sizeof(i2c->adap.name), "Cavium ThunderX i2c adapter at %s", dev_name(dev)); i2c_set_adapdata(&i2c->adap, i2c); --=20 2.35.1 From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B19DFC433EF for ; Fri, 3 Jun 2022 17:40:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344744AbiFCRkt (ORCPT ); Fri, 3 Jun 2022 13:40:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56106 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344704AbiFCRke (ORCPT ); Fri, 3 Jun 2022 13:40:34 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4E5DF53A5A; Fri, 3 Jun 2022 10:40:31 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id A70FCB82433; Fri, 3 Jun 2022 17:40:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EA688C385A9; Fri, 3 Jun 2022 17:40:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278028; bh=EWXpTEksvB8S2ffedv2N/dJ3pt3UBJG3z47wb74wmtU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OG59YXJd/Vc27nLP/nxJuTHY4Im7Tm8JYy79y5hqEymC7RbzPQtk2ctlOWMyBWEvN kypdmBWmbhoCCV9uU24ltuorbYz/535GfrykthaKKJbCbSPVgFLYnBCqhpWSkJAYwq vSDnOG4pLbGf6ttV6UGDqWHuM6NiRU49O9TYesIY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stephen Brennan , David Howells , Andrew Morton , keyrings@vger.kernel.org, Jarkko Sakkinen , Linus Torvalds Subject: [PATCH 4.14 10/23] assoc_array: Fix BUG_ON during garbage collect Date: Fri, 3 Jun 2022 19:39:37 +0200 Message-Id: <20220603173814.678962961@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Stephen Brennan commit d1dc87763f406d4e67caf16dbe438a5647692395 upstream. A rare BUG_ON triggered in assoc_array_gc: [3430308.818153] kernel BUG at lib/assoc_array.c:1609! Which corresponded to the statement currently at line 1593 upstream: BUG_ON(assoc_array_ptr_is_meta(p)); Using the data from the core dump, I was able to generate a userspace reproducer[1] and determine the cause of the bug. [1]: https://github.com/brenns10/kernel_stuff/tree/master/assoc_array_gc After running the iterator on the entire branch, an internal tree node looked like the following: NODE (nr_leaves_on_branch: 3) SLOT [0] NODE (2 leaves) SLOT [1] NODE (1 leaf) SLOT [2..f] NODE (empty) In the userspace reproducer, the pr_devel output when compressing this node was: -- compress node 0x5607cc089380 -- free=3D0, leaves=3D0 [0] retain node 2/1 [nx 0] [1] fold node 1/1 [nx 0] [2] fold node 0/1 [nx 2] [3] fold node 0/2 [nx 2] [4] fold node 0/3 [nx 2] [5] fold node 0/4 [nx 2] [6] fold node 0/5 [nx 2] [7] fold node 0/6 [nx 2] [8] fold node 0/7 [nx 2] [9] fold node 0/8 [nx 2] [10] fold node 0/9 [nx 2] [11] fold node 0/10 [nx 2] [12] fold node 0/11 [nx 2] [13] fold node 0/12 [nx 2] [14] fold node 0/13 [nx 2] [15] fold node 0/14 [nx 2] after: 3 At slot 0, an internal node with 2 leaves could not be folded into the node, because there was only one available slot (slot 0). Thus, the internal node was retained. At slot 1, the node had one leaf, and was able to be folded in successfully. The remaining nodes had no leaves, and so were removed. By the end of the compression stage, there were 14 free slots, and only 3 leaf nodes. The tree was ascended and then its parent node was compressed. When this node was seen, it could not be folded, due to the internal node it contained. The invariant for compression in this function is: whenever nr_leaves_on_branch < ASSOC_ARRAY_FAN_OUT, the node should contain all leaf nodes. The compression step currently cannot guarantee this, given the corner case shown above. To fix this issue, retry compression whenever we have retained a node, and yet nr_leaves_on_branch < ASSOC_ARRAY_FAN_OUT. This second compression will then allow the node in slot 1 to be folded in, satisfying the invariant. Below is the output of the reproducer once the fix is applied: -- compress node 0x560e9c562380 -- free=3D0, leaves=3D0 [0] retain node 2/1 [nx 0] [1] fold node 1/1 [nx 0] [2] fold node 0/1 [nx 2] [3] fold node 0/2 [nx 2] [4] fold node 0/3 [nx 2] [5] fold node 0/4 [nx 2] [6] fold node 0/5 [nx 2] [7] fold node 0/6 [nx 2] [8] fold node 0/7 [nx 2] [9] fold node 0/8 [nx 2] [10] fold node 0/9 [nx 2] [11] fold node 0/10 [nx 2] [12] fold node 0/11 [nx 2] [13] fold node 0/12 [nx 2] [14] fold node 0/13 [nx 2] [15] fold node 0/14 [nx 2] internal nodes remain despite enough space, retrying -- compress node 0x560e9c562380 -- free=3D14, leaves=3D1 [0] fold node 2/15 [nx 0] after: 3 Changes =3D=3D=3D=3D=3D=3D=3D DH: - Use false instead of 0. - Reorder the inserted lines in a couple of places to put retained before next_slot. ver #2) - Fix typo in pr_devel, correct comparison to "<=3D" Fixes: 3cb989501c26 ("Add a generic associative array implementation.") Cc: Signed-off-by: Stephen Brennan Signed-off-by: David Howells cc: Andrew Morton cc: keyrings@vger.kernel.org Link: https://lore.kernel.org/r/20220511225517.407935-1-stephen.s.brennan@o= racle.com/ # v1 Link: https://lore.kernel.org/r/20220512215045.489140-1-stephen.s.brennan@o= racle.com/ # v2 Reviewed-by: Jarkko Sakkinen Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- lib/assoc_array.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/lib/assoc_array.c +++ b/lib/assoc_array.c @@ -1478,6 +1478,7 @@ int assoc_array_gc(struct assoc_array *a struct assoc_array_ptr *cursor, *ptr; struct assoc_array_ptr *new_root, *new_parent, **new_ptr_pp; unsigned long nr_leaves_on_tree; + bool retained; int keylen, slot, nr_free, next_slot, i; =20 pr_devel("-->%s()\n", __func__); @@ -1554,6 +1555,7 @@ continue_node: goto descend; } =20 +retry_compress: pr_devel("-- compress node %p --\n", new_n); =20 /* Count up the number of empty slots in this node and work out the @@ -1571,6 +1573,7 @@ continue_node: pr_devel("free=3D%d, leaves=3D%lu\n", nr_free, new_n->nr_leaves_on_branch= ); =20 /* See what we can fold in */ + retained =3D false; next_slot =3D 0; for (slot =3D 0; slot < ASSOC_ARRAY_FAN_OUT; slot++) { struct assoc_array_shortcut *s; @@ -1620,9 +1623,14 @@ continue_node: pr_devel("[%d] retain node %lu/%d [nx %d]\n", slot, child->nr_leaves_on_branch, nr_free + 1, next_slot); + retained =3D true; } } =20 + if (retained && new_n->nr_leaves_on_branch <=3D ASSOC_ARRAY_FAN_OUT) { + pr_devel("internal nodes remain despite enough space, retrying\n"); + goto retry_compress; + } pr_devel("after: %lu\n", new_n->nr_leaves_on_branch); =20 nr_leaves_on_tree =3D new_n->nr_leaves_on_branch; From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EAF2CC433EF for ; Fri, 3 Jun 2022 17:41:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344818AbiFCRlK (ORCPT ); Fri, 3 Jun 2022 13:41:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56112 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344708AbiFCRkf (ORCPT ); Fri, 3 Jun 2022 13:40:35 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2E7D153A4E; Fri, 3 Jun 2022 10:40:32 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id ADE5761AE9; Fri, 3 Jun 2022 17:40:31 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BF3EDC385A9; Fri, 3 Jun 2022 17:40:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278031; bh=bqXp61k5CiwTWKkWEi6iswvZK06vWgdHmhXGjp6f8uQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hn9lMDPhw0wEhXU+htDVO7Rgo26Ugaw9GbH7LZB6MFwOyK4Q9vEVrvSg8KkIewcWj 0YiFarTVyeCw7eUORhQvsWzCbqymwStvfrqzcQTmMjd2TfWQlQb00cy03CbSCjVURq 4hT1JtU2AY49uncuAp02zsspYk2dH3tAsL/aGGo8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Gustavo A. R. Silva" Subject: [PATCH 4.14 11/23] drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() Date: Fri, 3 Jun 2022 19:39:38 +0200 Message-Id: <20220603173814.710422047@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Gustavo A. R. Silva commit 336feb502a715909a8136eb6a62a83d7268a353b upstream. Fix the following -Wstringop-overflow warnings when building with GCC-11: drivers/gpu/drm/i915/intel_pm.c:3106:9: warning: =E2=80=98intel_read_wm_lat= ency=E2=80=99 accessing 16 bytes in a region of size 10 [-Wstringop-overflo= w=3D] 3106 | intel_read_wm_latency(dev_priv, dev_priv->wm.pri_latency); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/i915/intel_pm.c:3106:9: note: referencing argument 2 of typ= e =E2=80=98u16 *=E2=80=99 {aka =E2=80=98short unsigned int *=E2=80=99} drivers/gpu/drm/i915/intel_pm.c:2861:13: note: in a call to function =E2=80= =98intel_read_wm_latency=E2=80=99 2861 | static void intel_read_wm_latency(struct drm_i915_private *dev_priv, | ^~~~~~~~~~~~~~~~~~~~~ by removing the over-specified array size from the argument declarations. It seems that this code is actually safe because the size of the array depends on the hardware generation, and the function checks for that. Notice that wm can be an array of 5 elements: drivers/gpu/drm/i915/intel_pm.c:3109: intel_read_wm_latency(dev_priv, dev= _priv->wm.pri_latency); or an array of 8 elements: drivers/gpu/drm/i915/intel_pm.c:3131: intel_read_wm_latency(dev_priv, dev= _priv->wm.skl_latency); and the compiler legitimately complains about that. This helps with the ongoing efforts to globally enable -Wstringop-overflow. Link: https://github.com/KSPP/linux/issues/181 Signed-off-by: Gustavo A. R. Silva Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/gpu/drm/i915/intel_pm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/i915/intel_pm.c +++ b/drivers/gpu/drm/i915/intel_pm.c @@ -2793,7 +2793,7 @@ hsw_compute_linetime_wm(const struct int } =20 static void intel_read_wm_latency(struct drm_i915_private *dev_priv, - uint16_t wm[8]) + uint16_t wm[]) { if (INTEL_GEN(dev_priv) >=3D 9) { uint32_t val; From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19269C43334 for ; Fri, 3 Jun 2022 17:41:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242383AbiFCRlP (ORCPT ); Fri, 3 Jun 2022 13:41:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56478 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344654AbiFCRki (ORCPT ); Fri, 3 Jun 2022 13:40:38 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD9B05370C; Fri, 3 Jun 2022 10:40:36 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 855BAB8242E; Fri, 3 Jun 2022 17:40:35 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CBAAFC385A9; Fri, 3 Jun 2022 17:40:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278034; bh=Tf/1ZHZY21OoVrBNdm1QUMrhlV55RYeuYZ5RF1nX20w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tO/HbTvfZ84/uRl29yDF5WLtJP0bmPcT4kx1WiQUZNk74/xWAMxZgR8OKI0HZP3I2 nxjHC7z69S+VMRxS0mTllyP7Ufifc1VWUYeKo6K2FeapHBNKxBIWNUR8IBstR+3PIB ME8nnDUQG5egOkH+6skRbMyYvHOrELBP0vRqoqXM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Haimin Zhang , Chaitanya Kulkarni , Christoph Hellwig , Jens Axboe , Dragos-Marian Panait Subject: [PATCH 4.14 12/23] block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern Date: Fri, 3 Jun 2022 19:39:39 +0200 Message-Id: <20220603173814.739868619@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Haimin Zhang commit cc8f7fe1f5eab010191aa4570f27641876fa1267 upstream. Add __GFP_ZERO flag for alloc_page in function bio_copy_kern to initialize the buffer of a bio. Signed-off-by: Haimin Zhang Reviewed-by: Chaitanya Kulkarni Reviewed-by: Christoph Hellwig Link: https://lore.kernel.org/r/20220216084038.15635-1-tcs.kernel@gmail.com Signed-off-by: Jens Axboe [DP: Backported to 4.19: Manually added __GFP_ZERO flag] Signed-off-by: Dragos-Marian Panait Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- block/bio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/block/bio.c +++ b/block/bio.c @@ -1657,7 +1657,7 @@ struct bio *bio_copy_kern(struct request if (bytes > len) bytes =3D len; =20 - page =3D alloc_page(q->bounce_gfp | gfp_mask); + page =3D alloc_page(q->bounce_gfp | __GFP_ZERO | gfp_mask); if (!page) goto cleanup; From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6F61C433EF for ; Fri, 3 Jun 2022 17:43:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344893AbiFCRnI (ORCPT ); Fri, 3 Jun 2022 13:43:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57720 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344866AbiFCRmg (ORCPT ); Fri, 3 Jun 2022 13:42:36 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6AE9D544CD; Fri, 3 Jun 2022 10:41:38 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 50BE2B8241E; Fri, 3 Jun 2022 17:41:36 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 718E5C385B8; Fri, 3 Jun 2022 17:41:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278095; bh=3ViZWjmJ+Nek5pl0FuNMo3ymqto6EzWkpqpCjbVe+J8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=q+UhhMdM8ZGiHeU+Wu9gYbJ8SIehtwd30o0Mb9XbmwAJz5OiMJVKS9GD9daCBpXqo hJFeS8uUp/JVmb6pkUfvD+M3RyAaUV6yNfaJephoCJG1Xogha4qx06a4uH0oSEisUB MQKnC30D5e/y1U7RpSAPpl72BnvSj9SS2wpbC9Pc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ariadne Conill , Michael Kerrisk , Matthew Wilcox , Christian Brauner , Rich Felker , Eric Biederman , Alexander Viro , linux-fsdevel@vger.kernel.org, Kees Cook , Andy Lutomirski , Vegard Nossum Subject: [PATCH 4.14 13/23] exec: Force single empty string when argv is empty Date: Fri, 3 Jun 2022 19:39:40 +0200 Message-Id: <20220603173814.769065032@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Kees Cook commit dcd46d897adb70d63e025f175a00a89797d31a43 upstream. Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program, thus prohibiting a scenario where argc < 1. POSIX 2017 also recommends this behaviour, but it is not an explicit requirement[2]: The argument arg0 should point to a filename string that is associated with the process being started by one of the exec functions. ... Interestingly, Michael Kerrisk opened an issue about this in 2008[3], but there was no consensus to support fixing this issue then. Hopefully now that CVE-2021-4034 shows practical exploitative use[4] of this bug in a shellcode, we can reconsider. This issue is being tracked in the KSPP issue tracker[5]." While the initial code searches[6][7] turned up what appeared to be mostly corner case tests, trying to that just reject argv =3D=3D NULL (or an immediately terminated pointer list) quickly started tripping[8] existing userspace programs. The next best approach is forcing a single empty string into argv and adjusting argc to match. The number of programs depending on argc =3D=3D 0 seems a smaller set than those calling execve with a NULL argv. Account for the additional stack space in bprm_stack_limits(). Inject an empty string when argc =3D=3D 0 (and set argc =3D 1). Warn about the case so userspace has some notice about the change: process './argc0' launched './argc0' with NULL argv: empty string added Additionally WARN() and reject NULL argv usage for kernel threads. [1] https://lore.kernel.org/lkml/20220127000724.15106-1-ariadne@dereference= d.org/ [2] https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html [3] https://bugzilla.kernel.org/show_bug.cgi?id=3D8408 [4] https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt [5] https://github.com/KSPP/linux/issues/176 [6] https://codesearch.debian.net/search?q=3Dexecve%5C+*%5C%28%5B%5E%2C%5D%= 2B%2C+*NULL&literal=3D0 [7] https://codesearch.debian.net/search?q=3Dexeclp%3F%5Cs*%5C%28%5B%5E%2C%= 5D%2B%2C%5Cs*NULL&literal=3D0 [8] https://lore.kernel.org/lkml/20220131144352.GE16385@xsang-OptiPlex-9020/ Reported-by: Ariadne Conill Reported-by: Michael Kerrisk Cc: Matthew Wilcox Cc: Christian Brauner Cc: Rich Felker Cc: Eric Biederman Cc: Alexander Viro Cc: linux-fsdevel@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: Kees Cook Acked-by: Christian Brauner Acked-by: Ariadne Conill Acked-by: Andy Lutomirski Link: https://lore.kernel.org/r/20220201000947.2453721-1-keescook@chromium.= org [vegard: fixed conflicts due to missing 886d7de631da71e30909980fdbf318f7caade262^- and 3950e975431bc914f7e81b8f2a2dbdf2064acb0f^- and 655c16a8ce9c15842547f40ce23fd148aeccc074] Signed-off-by: Vegard Nossum Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- fs/exec.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) This has been tested in both argc =3D=3D 0 and argc >=3D 1 cases, but I wou= ld still appreciate a review given the differences with mainline. If it's considered too risky I'm also fine with dropping it -- just wanted to make sure this didn't fall through the cracks, as it does block a real (albeit old by now) exploit. --- a/fs/exec.c +++ b/fs/exec.c @@ -1788,6 +1788,9 @@ static int do_execveat_common(int fd, st goto out_unmark; =20 bprm->argc =3D count(argv, MAX_ARG_STRINGS); + if (bprm->argc =3D=3D 0) + pr_warn_once("process '%s' launched '%s' with NULL argv: empty string ad= ded\n", + current->comm, bprm->filename); if ((retval =3D bprm->argc) < 0) goto out; =20 @@ -1812,6 +1815,20 @@ static int do_execveat_common(int fd, st if (retval < 0) goto out; =20 + /* + * When argv is empty, add an empty string ("") as argv[0] to + * ensure confused userspace programs that start processing + * from argv[1] won't end up walking envp. See also + * bprm_stack_limits(). + */ + if (bprm->argc =3D=3D 0) { + const char *argv[] =3D { "", NULL }; + retval =3D copy_strings_kernel(1, argv, bprm); + if (retval < 0) + goto out; + bprm->argc =3D 1; + } + retval =3D exec_binprm(bprm); if (retval < 0) goto out; From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9324C43334 for ; Fri, 3 Jun 2022 17:42:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344677AbiFCRmK (ORCPT ); Fri, 3 Jun 2022 13:42:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56948 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344660AbiFCRld (ORCPT ); Fri, 3 Jun 2022 13:41:33 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0C44854020; Fri, 3 Jun 2022 10:41:06 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 755C361B01; Fri, 3 Jun 2022 17:41:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 64DB3C385A9; Fri, 3 Jun 2022 17:41:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278064; bh=NrqR3APVfQTFn18O8kTbv5kSSR7EgdJGvzMmKqheoAE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rFicIFX+K4C+/uyw81xSFfkg+cs5hLoQPnGEd+dNXAOWYQ/nzUh1qvh2D9O6C0FNB Hpv9a/PtFgix0b2lWR5lHy7TSNCquZcvvc52neJ3jvvAB9egHvrJJeb4c9zyKAhnEW pg5mUM+/C/8FD+N9e9vbligOIyem8Qd3+2s3UGaU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+793a590957d9c1b96620@syzkaller.appspotmail.com, Florian Westphal , Pablo Neira Ayuso Subject: [PATCH 4.14 14/23] netfilter: conntrack: re-fetch conntrack after insertion Date: Fri, 3 Jun 2022 19:39:41 +0200 Message-Id: <20220603173814.799160490@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Florian Westphal commit 56b14ecec97f39118bf85c9ac2438c5a949509ed upstream. In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger. Reported-by: Fixes: 71d8c47fc653 ("netfilter: conntrack: introduce clash resolution on i= nsertion race") Fixes: 2ad9d7747c10 ("netfilter: conntrack: free extension area immediately= ") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- include/net/netfilter/nf_conntrack_core.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h @@ -67,8 +67,13 @@ static inline int nf_conntrack_confirm(s int ret =3D NF_ACCEPT; =20 if (ct) { - if (!nf_ct_is_confirmed(ct)) + if (!nf_ct_is_confirmed(ct)) { ret =3D __nf_conntrack_confirm(skb); + + if (ret =3D=3D NF_ACCEPT) + ct =3D (struct nf_conn *)skb_nfct(skb); + } + if (likely(ret =3D=3D NF_ACCEPT)) nf_ct_deliver_cached_events(ct); } From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E40DAC43334 for ; Fri, 3 Jun 2022 17:42:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344926AbiFCRm1 (ORCPT ); Fri, 3 Jun 2022 13:42:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56428 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344855AbiFCRly (ORCPT ); Fri, 3 Jun 2022 13:41:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 09E5D5372C; Fri, 3 Jun 2022 10:41:11 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 4051361AFB; Fri, 3 Jun 2022 17:41:11 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 469CBC385B8; Fri, 3 Jun 2022 17:41:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278070; bh=IsxHG8ttFcdvmopn3+fk/7LmtauGr8BOoVZrHnUy7wM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Q3mzKnY+ztin/AOrTwBympWhCzrlqLZ2KKcDizVRqfOxGLjwyviJT8+kGenaxrBKq apBt3Pbqes/LAasnstEdJxgCDlniXo7BjN9wIaektf63RrhDyPLmD/bIl8SSuIr91x qriFIF7ZcRAtM/4RFC6oZ+Osm4J7r+ixk3ctJCOQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sultan Alsawaf , Minchan Kim , Nitin Gupta , Sergey Senozhatsky , Andrew Morton Subject: [PATCH 4.14 15/23] zsmalloc: fix races between asynchronous zspage free and page migration Date: Fri, 3 Jun 2022 19:39:42 +0200 Message-Id: <20220603173814.827592240@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sultan Alsawaf commit 2505a981114dcb715f8977b8433f7540854851d8 upstream. The asynchronous zspage free worker tries to lock a zspage's entire page list without defending against page migration. Since pages which haven't yet been locked can concurrently migrate off the zspage page list while lock_zspage() churns away, lock_zspage() can suffer from a few different lethal races. It can lock a page which no longer belongs to the zspage and unsafely dereference page_private(), it can unsafely dereference a torn pointer to the next page (since there's a data race), and it can observe a spurious NULL pointer to the next page and thus not lock all of the zspage's pages (since a single page migration will reconstruct the entire page list, and create_page_chain() unconditionally zeroes out each list pointer in the process). Fix the races by using migrate_read_lock() in lock_zspage() to synchronize with page migration. Link: https://lkml.kernel.org/r/20220509024703.243847-1-sultan@kerneltoast.= com Fixes: 77ff465799c602 ("zsmalloc: zs_page_migrate: skip unnecessary loops b= ut not return -EBUSY if zspage is not inuse") Signed-off-by: Sultan Alsawaf Acked-by: Minchan Kim Cc: Nitin Gupta Cc: Sergey Senozhatsky Cc: Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- mm/zsmalloc.c | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) --- a/mm/zsmalloc.c +++ b/mm/zsmalloc.c @@ -952,11 +952,40 @@ static void reset_page(struct page *page */ void lock_zspage(struct zspage *zspage) { - struct page *page =3D get_first_page(zspage); + struct page *curr_page, *page; =20 - do { - lock_page(page); - } while ((page =3D get_next_page(page)) !=3D NULL); + /* + * Pages we haven't locked yet can be migrated off the list while we're + * trying to lock them, so we need to be careful and only attempt to + * lock each page under migrate_read_lock(). Otherwise, the page we lock + * may no longer belong to the zspage. This means that we may wait for + * the wrong page to unlock, so we must take a reference to the page + * prior to waiting for it to unlock outside migrate_read_lock(). + */ + while (1) { + migrate_read_lock(zspage); + page =3D get_first_page(zspage); + if (trylock_page(page)) + break; + get_page(page); + migrate_read_unlock(zspage); + wait_on_page_locked(page); + put_page(page); + } + + curr_page =3D page; + while ((page =3D get_next_page(curr_page))) { + if (trylock_page(page)) { + curr_page =3D page; + } else { + get_page(page); + migrate_read_unlock(zspage); + wait_on_page_locked(page); + put_page(page); + migrate_read_lock(zspage); + } + } + migrate_read_unlock(zspage); } =20 int trylock_zspage(struct zspage *zspage) From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19AD2CCA473 for ; Fri, 3 Jun 2022 17:42:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344654AbiFCRmb (ORCPT ); Fri, 3 Jun 2022 13:42:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56768 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344756AbiFCRlz (ORCPT ); Fri, 3 Jun 2022 13:41:55 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EE6B53A51; Fri, 3 Jun 2022 10:41:15 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A975361B00; Fri, 3 Jun 2022 17:41:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9955BC385A9; Fri, 3 Jun 2022 17:41:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278074; bh=nEEt0MjSOfaKM23Di3zdTZzjV4Q96cjTsIQFdDcNp/8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=E5gKrqq7HPbZxESwJQPR2fsnAHre+aQgy3g4fG24Ufyk0uf6J3Dz/8xShx2hQZc5+ 2lG6/9mShwFMbcubmTnwg0NS+hWwNlnlpiOI738FNJ5/7BsWLaXMTbOKU48hnfzIjr z0Zd20snTy2Ted0gMWLkrjBtyTJCW9Jht4SYonwg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dan Carpenter , Mikulas Patocka , Mike Snitzer Subject: [PATCH 4.14 16/23] dm integrity: fix error code in dm_integrity_ctr() Date: Fri, 3 Jun 2022 19:39:43 +0200 Message-Id: <20220603173814.856716104@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Dan Carpenter commit d3f2a14b8906df913cb04a706367b012db94a6e8 upstream. The "r" variable shadows an earlier "r" that has function scope. It means that we accidentally return success instead of an error code. Smatch has a warning for this: drivers/md/dm-integrity.c:4503 dm_integrity_ctr() warn: missing error code 'r' Fixes: 7eada909bfd7 ("dm: add integrity target") Cc: stable@vger.kernel.org Signed-off-by: Dan Carpenter Reviewed-by: Mikulas Patocka Signed-off-by: Mike Snitzer Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/md/dm-integrity.c | 2 -- 1 file changed, 2 deletions(-) --- a/drivers/md/dm-integrity.c +++ b/drivers/md/dm-integrity.c @@ -3156,8 +3156,6 @@ static int dm_integrity_ctr(struct dm_ta } =20 if (should_write_sb) { - int r; - init_journal(ic, 0, ic->journal_sections, 0); r =3D dm_integrity_failed(ic); if (unlikely(r)) { From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 145AECCA473 for ; Fri, 3 Jun 2022 17:42:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344942AbiFCRmo (ORCPT ); Fri, 3 Jun 2022 13:42:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238609AbiFCRlz (ORCPT ); Fri, 3 Jun 2022 13:41:55 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E6E4F5370A; Fri, 3 Jun 2022 10:41:17 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 84A4461AFE; Fri, 3 Jun 2022 17:41:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8E7E2C385A9; Fri, 3 Jun 2022 17:41:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278077; bh=QqEwCMdb8k+N56RTMdbQ30Qz5GEWkNdJwW97pvrjALU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bFLmh8bMp7Vcxr3gyY+Os9984JAghrf0b0FwIWA4QxeskF7VAdvl1aJOYTF4xBHND sE5l0n4b+MHApdyJLX0Qv5rokn1dfDed5yx8p1lv8zPEIbSHIu1B4qygrd0KSr+PMG AF/HLpBjyfhwVg7X26zaxqLLKiaZviqczKuCFWqw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mikulas Patocka , Milan Broz , Mike Snitzer Subject: [PATCH 4.14 17/23] dm crypt: make printing of the key constant-time Date: Fri, 3 Jun 2022 19:39:44 +0200 Message-Id: <20220603173814.885694090@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Mikulas Patocka commit 567dd8f34560fa221a6343729474536aa7ede4fd upstream. The device mapper dm-crypt target is using scnprintf("%02x", cc->key[i]) to report the current key to userspace. However, this is not a constant-time operation and it may leak information about the key via timing, via cache access patterns or via the branch predictor. Change dm-crypt's key printing to use "%c" instead of "%02x". Also introduce hex2asc() that carefully avoids any branching or memory accesses when converting a number in the range 0 ... 15 to an ascii character. Cc: stable@vger.kernel.org Signed-off-by: Mikulas Patocka Tested-by: Milan Broz Signed-off-by: Mike Snitzer Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/md/dm-crypt.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -2942,6 +2942,11 @@ static int crypt_map(struct dm_target *t return DM_MAPIO_SUBMITTED; } =20 +static char hex2asc(unsigned char c) +{ + return c + '0' + ((unsigned)(9 - c) >> 4 & 0x27); +} + static void crypt_status(struct dm_target *ti, status_type_t type, unsigned status_flags, char *result, unsigned maxlen) { @@ -2960,9 +2965,12 @@ static void crypt_status(struct dm_targe if (cc->key_size > 0) { if (cc->key_string) DMEMIT(":%u:%s", cc->key_size, cc->key_string); - else - for (i =3D 0; i < cc->key_size; i++) - DMEMIT("%02x", cc->key[i]); + else { + for (i =3D 0; i < cc->key_size; i++) { + DMEMIT("%c%c", hex2asc(cc->key[i] >> 4), + hex2asc(cc->key[i] & 0xf)); + } + } } else DMEMIT("-"); From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EF3D7C433EF for ; Fri, 3 Jun 2022 17:42:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344876AbiFCRmg (ORCPT ); Fri, 3 Jun 2022 13:42:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56108 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344644AbiFCRl5 (ORCPT ); Fri, 3 Jun 2022 13:41:57 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C473B54027; Fri, 3 Jun 2022 10:41:22 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 1FF99B8242D; Fri, 3 Jun 2022 17:41:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8A3C9C385A9; Fri, 3 Jun 2022 17:41:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278079; bh=NtzRiktix8jeRbEZOojHE8GwvkEJds2YxrmN8m2tScc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vmvNuQC4gDi9+68l4Ij59T6cN8T9VEYQg2+nirhtIy7P3adcB01wx+e8b0DblI/NU 92gOR0DPmxhcw40c2p87qdpot1LZEnMuMBQU7oW1IOmvnLbDk5Tqu/9ZzV8GFNt/Rq XTrveGVI0GaM2s0vRM2/NxOv2AyTupivdc8tFgHg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mikulas Patocka , Mike Snitzer Subject: [PATCH 4.14 18/23] dm stats: add cond_resched when looping over entries Date: Fri, 3 Jun 2022 19:39:45 +0200 Message-Id: <20220603173814.915207602@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Mikulas Patocka commit bfe2b0146c4d0230b68f5c71a64380ff8d361f8b upstream. dm-stats can be used with a very large number of entries (it is only limited by 1/4 of total system memory), so add rescheduling points to the loops that iterate over the entries. Cc: stable@vger.kernel.org Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/md/dm-stats.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/drivers/md/dm-stats.c +++ b/drivers/md/dm-stats.c @@ -224,6 +224,7 @@ void dm_stats_cleanup(struct dm_stats *s atomic_read(&shared->in_flight[READ]), atomic_read(&shared->in_flight[WRITE])); } + cond_resched(); } dm_stat_free(&s->rcu_head); } @@ -312,6 +313,7 @@ static int dm_stats_create(struct dm_sta for (ni =3D 0; ni < n_entries; ni++) { atomic_set(&s->stat_shared[ni].in_flight[READ], 0); atomic_set(&s->stat_shared[ni].in_flight[WRITE], 0); + cond_resched(); } =20 if (s->n_histogram_entries) { @@ -324,6 +326,7 @@ static int dm_stats_create(struct dm_sta for (ni =3D 0; ni < n_entries; ni++) { s->stat_shared[ni].tmp.histogram =3D hi; hi +=3D s->n_histogram_entries + 1; + cond_resched(); } } =20 @@ -344,6 +347,7 @@ static int dm_stats_create(struct dm_sta for (ni =3D 0; ni < n_entries; ni++) { p[ni].histogram =3D hi; hi +=3D s->n_histogram_entries + 1; + cond_resched(); } } } @@ -473,6 +477,7 @@ static int dm_stats_list(struct dm_stats } DMEMIT("\n"); } + cond_resched(); } mutex_unlock(&stats->mutex); =20 @@ -749,6 +754,7 @@ static void __dm_stat_clear(struct dm_st local_irq_enable(); } } + cond_resched(); } } =20 @@ -864,6 +870,8 @@ static int dm_stats_print(struct dm_stat =20 if (unlikely(sz + 1 >=3D maxlen)) goto buffer_overflow; + + cond_resched(); } =20 if (clear) From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9CC8EC433EF for ; Fri, 3 Jun 2022 17:42:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344863AbiFCRmt (ORCPT ); Fri, 3 Jun 2022 13:42:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57382 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344897AbiFCRl6 (ORCPT ); Fri, 3 Jun 2022 13:41:58 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 39F8E53A66; Fri, 3 Jun 2022 10:41:24 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 935CB61B00; Fri, 3 Jun 2022 17:41:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8D942C385A9; Fri, 3 Jun 2022 17:41:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278083; bh=SNi0esmcOt+osBhcDREYjYRuCny0Bw5N6A5oulrF3Mo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=htcfgWiuFj57+5iyuK1S56ioyfzxJgNELoeUOJYpQfuhpb+ofwqvrVMyA40D23hsX xxmmoCQzRAPKC7ylQi0CvRB+fS59ycN16l2P2soxNrHlEt3z92U8c8amkclg47oKCs XBUOmpsai1ICZXAFepyr5jycYUrXcGk4bVC0Y0PE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sarthak Kukreti , Kees Cook , Mike Snitzer Subject: [PATCH 4.14 19/23] dm verity: set DM_TARGET_IMMUTABLE feature flag Date: Fri, 3 Jun 2022 19:39:46 +0200 Message-Id: <20220603173814.944801303@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Sarthak Kukreti commit 4caae58406f8ceb741603eee460d79bacca9b1b5 upstream. The device-mapper framework provides a mechanism to mark targets as immutable (and hence fail table reloads that try to change the target type). Add the DM_TARGET_IMMUTABLE flag to the dm-verity target's feature flags to prevent switching the verity target with a different target type. Fixes: a4ffc152198e ("dm: add verity target") Cc: stable@vger.kernel.org Signed-off-by: Sarthak Kukreti Reviewed-by: Kees Cook Signed-off-by: Mike Snitzer Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/md/dm-verity-target.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -1163,6 +1163,7 @@ bad: =20 static struct target_type verity_target =3D { .name =3D "verity", + .features =3D DM_TARGET_IMMUTABLE, .version =3D {1, 3, 0}, .module =3D THIS_MODULE, .ctr =3D verity_ctr, From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3A3A3C43334 for ; Fri, 3 Jun 2022 17:42:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344912AbiFCRmx (ORCPT ); Fri, 3 Jun 2022 13:42:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55674 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344801AbiFCRmI (ORCPT ); Fri, 3 Jun 2022 13:42:08 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CB09F53A79; Fri, 3 Jun 2022 10:41:28 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 42582B8241E; Fri, 3 Jun 2022 17:41:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 97AB4C385B8; Fri, 3 Jun 2022 17:41:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278086; bh=5DLh3zfwqkuKS/K1n4AvAGFzOB5krvK1ROtUZvkNdoI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FC4bWCNvWYoP6zcb12VGP/HM1Gtyj/LFusqdLmagxg5YK6phPCTQhfV0db39bFK7D T9SulEH9c2cXF0H4Mcv1r1NP6rhEg61YL8fLT84daW++2Py3HBUPgfs9hzHeEb2ZSp Z8MjoY+/hK5RqmbZWyRO4W2MCYNL7DSF63X4IHAY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xiu Jianfeng , Stefan Berger , Jarkko Sakkinen Subject: [PATCH 4.14 20/23] tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() Date: Fri, 3 Jun 2022 19:39:47 +0200 Message-Id: <20220603173814.974445103@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Xiu Jianfeng commit d0dc1a7100f19121f6e7450f9cdda11926aa3838 upstream. Currently it returns zero when CRQ response timed out, it should return an error code instead. Fixes: d8d74ea3c002 ("tpm: ibmvtpm: Wait for buffer to be set before procee= ding") Signed-off-by: Xiu Jianfeng Reviewed-by: Stefan Berger Acked-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- drivers/char/tpm/tpm_ibmvtpm.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/char/tpm/tpm_ibmvtpm.c +++ b/drivers/char/tpm/tpm_ibmvtpm.c @@ -692,6 +692,7 @@ static int tpm_ibmvtpm_probe(struct vio_ if (!wait_event_timeout(ibmvtpm->crq_queue.wq, ibmvtpm->rtce_buf !=3D NULL, HZ)) { + rc =3D -ENODEV; dev_err(dev, "CRQ response timed out\n"); goto init_irq_cleanup; } From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E63C7C433EF for ; Fri, 3 Jun 2022 17:43:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344735AbiFCRm6 (ORCPT ); Fri, 3 Jun 2022 13:42:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344678AbiFCRmL (ORCPT ); Fri, 3 Jun 2022 13:42:11 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D4F353B5F; Fri, 3 Jun 2022 10:41:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 9E6E961AFE; Fri, 3 Jun 2022 17:41:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A4E8EC385B8; Fri, 3 Jun 2022 17:41:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278089; bh=feL5DhGpFr9fOQ+CVlQslnoobzfhYmtKXTcaAR7THEI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sXzsdHIdiVA/gaoTBQHGQuHuutIswWRG1oeYy0oBTuPVKEGwO4k34h28jh2OikjNl RWydsKG0zcqImsQLQvJfwN0c2FCqiuR+JlJDnKi7O5lC2I3zSMwceFhIKW/vvw7oS+ 9GOkucdrtXT4OkZV6vme6Xabrsl2tjM6bL9Jsnkg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Akira Yokosawa , Jonathan Corbet , Mauro Carvalho Chehab Subject: [PATCH 4.14 21/23] docs: submitting-patches: Fix crossref to The canonical patch format Date: Fri, 3 Jun 2022 19:39:48 +0200 Message-Id: <20220603173815.003147792@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Akira Yokosawa commit 6d5aa418b3bd42cdccc36e94ee199af423ef7c84 upstream. The reference to `explicit_in_reply_to` is pointless as when the reference was added in the form of "#15" [1], Section 15) was "The canonical patch format". The reference of "#15" had not been properly updated in a couple of reorganizations during the plain-text SubmittingPatches era. Fix it by using `the_canonical_patch_format`. [1]: 2ae19acaa50a ("Documentation: Add "how to write a good patch summary" = to SubmittingPatches") Signed-off-by: Akira Yokosawa Fixes: 5903019b2a5e ("Documentation/SubmittingPatches: convert it to ReST m= arkup") Fixes: 9b2c76777acc ("Documentation/SubmittingPatches: enrich the Sphinx ou= tput") Cc: Jonathan Corbet Cc: Mauro Carvalho Chehab Cc: stable@vger.kernel.org # v4.9+ Link: https://lore.kernel.org/r/64e105a5-50be-23f2-6cae-903a2ea98e18@gmail.= com Signed-off-by: Jonathan Corbet Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- Documentation/process/submitting-patches.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/Documentation/process/submitting-patches.rst +++ b/Documentation/process/submitting-patches.rst @@ -133,7 +133,7 @@ as you intend it to. =20 The maintainer will thank you if you write your patch description in a form which can be easily pulled into Linux's source code management -system, ``git``, as a "commit log". See :ref:`explicit_in_reply_to`. +system, ``git``, as a "commit log". See :ref:`the_canonical_patch_format`. =20 Solve only one problem per patch. If your description starts to get long, that's a sign that you probably need to split up your patch. From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D12DC43334 for ; Fri, 3 Jun 2022 17:43:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344669AbiFCRnE (ORCPT ); Fri, 3 Jun 2022 13:43:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344852AbiFCRmU (ORCPT ); Fri, 3 Jun 2022 13:42:20 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B367E54193; Fri, 3 Jun 2022 10:41:33 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id A6A9861AFB; Fri, 3 Jun 2022 17:41:32 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B0231C385A9; Fri, 3 Jun 2022 17:41:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278092; bh=47+WW93izh9zYfS6/3qjMleBfy11harY9ZN6Ja4SPOo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SkNMdNw55N4RaBc2BY4pb2Mdqc9zPmlnm96a9xBytDHCTos8756TCpn6/zAODtR+T C+9QXpdAiZbFz9/rfn+LmgXuJvdNwPX88QyRMcWrI5oPyXsjUqdv9KDf+yZvqtyu3+ WR05zqzzhJrpk0D/1PmMuiY8UNmDdhdttj8CCxrw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dai Ngo , Chuck Lever Subject: [PATCH 4.14 22/23] NFSD: Fix possible sleep during nfsd4_release_lockowner() Date: Fri, 3 Jun 2022 19:39:49 +0200 Message-Id: <20220603173815.032974590@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Chuck Lever commit ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b upstream. nfsd4_release_lockowner() holds clp->cl_lock when it calls check_for_locks(). However, check_for_locks() calls nfsd_file_get() / nfsd_file_put() to access the backing inode's flc_posix list, and nfsd_file_put() can sleep if the inode was recently removed. Let's instead rely on the stateowner's reference count to gate whether the release is permitted. This should be a reliable indication of locks-in-use since file lock operations and ->lm_get_owner take appropriate references, which are released appropriately when file locks are removed. Reported-by: Dai Ngo Signed-off-by: Chuck Lever Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- fs/nfsd/nfs4state.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -6351,16 +6351,12 @@ nfsd4_release_lockowner(struct svc_rqst if (sop->so_is_open_owner || !same_owner_str(sop, owner)) continue; =20 - /* see if there are still any locks associated with it */ - lo =3D lockowner(sop); - list_for_each_entry(stp, &sop->so_stateids, st_perstateowner) { - if (check_for_locks(stp->st_stid.sc_file, lo)) { - status =3D nfserr_locks_held; - spin_unlock(&clp->cl_lock); - return status; - } + if (atomic_read(&sop->so_count) !=3D 1) { + spin_unlock(&clp->cl_lock); + return nfserr_locks_held; } =20 + lo =3D lockowner(sop); nfs4_get_stateowner(sop); break; } From nobody Sat May 2 09:01:00 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6ABDC433EF for ; Fri, 3 Jun 2022 17:42:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344778AbiFCRmR (ORCPT ); Fri, 3 Jun 2022 13:42:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57692 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344832AbiFCRlw (ORCPT ); Fri, 3 Jun 2022 13:41:52 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B406853710; Fri, 3 Jun 2022 10:41:10 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 285E6B8241E; Fri, 3 Jun 2022 17:41:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 70706C385A9; Fri, 3 Jun 2022 17:41:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1654278067; bh=BH80/xrWi3HHDzmncsNTp32aPsRHWdcdKFT71F8XLJM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=tlOKGkySvNO8ZEoItxDVtR9ShZqZ+VEAVPqTY+tkwWCMAfod2J0E8HwdTmPPR116o qvkVH+cI/oJcNca4N1Ou1+r4ddOKfFkFDDePLZRuU8DIwSTr1GyZhYSnLznLuE0jW6 +q3KUGGHHAwWwjN999RfohrBYTx6ikTDCBAEkwhg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Liu Jian , Daniel Borkmann , Song Liu Subject: [PATCH 4.14 23/23] bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes Date: Fri, 3 Jun 2022 19:39:50 +0200 Message-Id: <20220603173815.063242055@linuxfoundation.org> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603173814.362515009@linuxfoundation.org> References: <20220603173814.362515009@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Liu Jian commit 45969b4152c1752089351cd6836a42a566d49bcf upstream. The data length of skb frags + frag_list may be greater than 0xffff, and skb_header_pointer can not handle negative offset. So, here INT_MAX is used to check the validity of offset. Add the same change to the related function skb_store_bytes. Fixes: 05c74e5e53f6 ("bpf: add bpf_skb_load_bytes helper") Signed-off-by: Liu Jian Signed-off-by: Daniel Borkmann Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20220416105801.88708-2-liujian56@huawei.c= om Signed-off-by: Greg Kroah-Hartman Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing --- net/core/filter.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1443,7 +1443,7 @@ BPF_CALL_5(bpf_skb_store_bytes, struct s =20 if (unlikely(flags & ~(BPF_F_RECOMPUTE_CSUM | BPF_F_INVALIDATE_HASH))) return -EINVAL; - if (unlikely(offset > 0xffff)) + if (unlikely(offset > INT_MAX)) return -EFAULT; if (unlikely(bpf_try_make_writable(skb, offset + len))) return -EFAULT; @@ -1478,7 +1478,7 @@ BPF_CALL_4(bpf_skb_load_bytes, const str { void *ptr; =20 - if (unlikely(offset > 0xffff)) + if (unlikely(offset > INT_MAX)) goto err_clear; =20 ptr =3D skb_header_pointer(skb, offset, len, to);