From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, stable@kernel.org, Lee Jones, Luiz Augusto von Dentz
Subject: [PATCH 5.4 01/34] Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
Date: Mon, 1 Aug 2022 13:46:41 +0200
Message-Id: <20220801114128.092552506@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Luiz Augusto von Dentz

commit d0be8347c623e0ac4202a1d4e0373882821f56b0 upstream.

This fixes the following trace which is caused by hci_rx_work starting up
*after* the final channel reference has been put() during sock_close() but
*before* the references to the channel have been destroyed, so instead
the code now relies on kref_get_unless_zero/l2cap_chan_hold_unless_zero to
prevent referencing a channel that is about to be destroyed.

  refcount_t: increment on 0; use-after-free.
  BUG: KASAN: use-after-free in refcount_dec_and_test+0x20/0xd0
  Read of size 4 at addr ffffffc114f5bf18 by task kworker/u17:14/705

  CPU: 4 PID: 705 Comm: kworker/u17:14 Tainted: G S W 4.14.234-00003-g1fb6d0bd49a4-dirty #28
  Hardware name: Qualcomm Technologies, Inc. SM8150 V2 PM8150 Google Inc. MSM sm8150 Flame DVT (DT)
  Workqueue: hci0 hci_rx_work
  Call trace:
   dump_backtrace+0x0/0x378
   show_stack+0x20/0x2c
   dump_stack+0x124/0x148
   print_address_description+0x80/0x2e8
   __kasan_report+0x168/0x188
   kasan_report+0x10/0x18
   __asan_load4+0x84/0x8c
   refcount_dec_and_test+0x20/0xd0
   l2cap_chan_put+0x48/0x12c
   l2cap_recv_frame+0x4770/0x6550
   l2cap_recv_acldata+0x44c/0x7a4
   hci_acldata_packet+0x100/0x188
   hci_rx_work+0x178/0x23c
   process_one_work+0x35c/0x95c
   worker_thread+0x4cc/0x960
   kthread+0x1a8/0x1c4
   ret_from_fork+0x10/0x18

Cc: stable@kernel.org
Reported-by: Lee Jones
Signed-off-by: Luiz Augusto von Dentz
Tested-by: Lee Jones
Signed-off-by: Luiz Augusto von Dentz
Signed-off-by: Greg Kroah-Hartman
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 include/net/bluetooth/l2cap.h | 1
 net/bluetooth/l2cap_core.c | 61 +++++++++++++++++++++++++++++++++---------
 2 files changed, 49 insertions(+), 13 deletions(-)

--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -802,6 +802,7 @@ enum { }; =20 void l2cap_chan_hold(struct l2cap_chan *c); +struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c); void l2cap_chan_put(struct l2cap_chan *c); =20 static inline void l2cap_chan_lock(struct l2cap_chan *chan) --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -110,7 +110,8 @@ static struct l2cap_chan *__l2cap_get_ch } =20 /* Find channel with given SCID. - * Returns locked channel. */ + * Returns a reference locked channel. + */ static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, u16 cid) { @@ -118,15 +119,19 @@ static struct l2cap_chan *l2cap_get_chan =20 mutex_lock(&conn->chan_lock); c =3D __l2cap_get_chan_by_scid(conn, cid); - if (c) - l2cap_chan_lock(c); + if (c) { + /* Only lock if chan reference is not 0 */ + c =3D l2cap_chan_hold_unless_zero(c); + if (c) + l2cap_chan_lock(c); + } mutex_unlock(&conn->chan_lock); =20 return c; } =20 /* Find channel with given DCID. - * Returns locked channel. + * Returns a reference locked channel. */ static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn, u16 cid) @@ -135,8 +140,12 @@ static struct l2cap_chan *l2cap_get_chan =20 mutex_lock(&conn->chan_lock); c =3D __l2cap_get_chan_by_dcid(conn, cid); - if (c) - l2cap_chan_lock(c); + if (c) { + /* Only lock if chan reference is not 0 */ + c =3D l2cap_chan_hold_unless_zero(c); + if (c) + l2cap_chan_lock(c); + } mutex_unlock(&conn->chan_lock); =20 return c; @@ -161,8 +170,12 @@ static struct l2cap_chan *l2cap_get_chan =20 mutex_lock(&conn->chan_lock); c =3D __l2cap_get_chan_by_ident(conn, ident); - if (c) - l2cap_chan_lock(c); + if (c) { + /* Only lock if chan reference is not 0 */ + c =3D l2cap_chan_hold_unless_zero(c); + if (c) + l2cap_chan_lock(c); + } mutex_unlock(&conn->chan_lock); =20 return c; 
@@ -496,6 +509,16 @@ void l2cap_chan_hold(struct l2cap_chan * kref_get(&c->kref); } =20 +struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c) +{ + BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); + + if (!kref_get_unless_zero(&c->kref)) + return NULL; + + return c; +} + void l2cap_chan_put(struct l2cap_chan *c) { BT_DBG("chan %p orig refcnt %d", c, kref_read(&c->kref)); @@ -1812,7 +1835,10 @@ static struct l2cap_chan *l2cap_global_c src_match =3D !bacmp(&c->src, src); dst_match =3D !bacmp(&c->dst, dst); if (src_match && dst_match) { - l2cap_chan_hold(c); + c =3D l2cap_chan_hold_unless_zero(c); + if (!c) + continue; + read_unlock(&chan_list_lock); return c; } @@ -1827,7 +1853,7 @@ static struct l2cap_chan *l2cap_global_c } =20 if (c1) - l2cap_chan_hold(c1); + c1 =3D l2cap_chan_hold_unless_zero(c1); =20 read_unlock(&chan_list_lock); =20 @@ -4221,6 +4247,7 @@ static inline int l2cap_config_req(struc =20 unlock: l2cap_chan_unlock(chan); + l2cap_chan_put(chan); return err; } =20 @@ -4334,6 +4361,7 @@ static inline int l2cap_config_rsp(struc =20 done: l2cap_chan_unlock(chan); + l2cap_chan_put(chan); return err; } =20 @@ -5062,6 +5090,7 @@ send_move_response: l2cap_send_move_chan_rsp(chan, result); =20 l2cap_chan_unlock(chan); + l2cap_chan_put(chan); =20 return 0; } @@ -5154,6 +5183,7 @@ static void l2cap_move_continue(struct l } =20 l2cap_chan_unlock(chan); + l2cap_chan_put(chan); } =20 static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid, @@ -5183,6 +5213,7 @@ static void l2cap_move_fail(struct l2cap l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED); =20 l2cap_chan_unlock(chan); + l2cap_chan_put(chan); } =20 static int l2cap_move_channel_rsp(struct l2cap_conn *conn, @@ -5246,6 +5277,7 @@ static int l2cap_move_channel_confirm(st l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); =20 l2cap_chan_unlock(chan); + l2cap_chan_put(chan); =20 return 0; } 
@@ -5281,6 +5313,7 @@ static inline int l2cap_move_channel_con } =20 l2cap_chan_unlock(chan); + l2cap_chan_put(chan); =20 return 0; } @@ -5653,12 +5686,11 @@ static inline int l2cap_le_credits(struc if (credits > max_credits) { BT_ERR("LE credits overflow"); l2cap_send_disconn_req(chan, ECONNRESET); - l2cap_chan_unlock(chan); =20 /* Return 0 so that we don't trigger an unnecessary * command reject packet. */ - return 0; + goto unlock; } =20 chan->tx_credits +=3D credits; @@ -5669,7 +5701,9 @@ static inline int l2cap_le_credits(struc if (chan->tx_credits) chan->ops->resume(chan); =20 +unlock: l2cap_chan_unlock(chan); + l2cap_chan_put(chan); =20 return 0; } @@ -6983,6 +7017,7 @@ drop: =20 done: l2cap_chan_unlock(chan); + l2cap_chan_put(chan); } =20 static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, 
@@ -7386,7 +7421,7 @@ static struct l2cap_chan *l2cap_global_f if (src_type !=3D c->src_type) continue; =20 - l2cap_chan_hold(c); + c =3D l2cap_chan_hold_unless_zero(c); read_unlock(&chan_list_lock); return c; }
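
Review bot: in the l2cap_global_chan_by_psm() hunk (@@ -1812,7 +1835,10 @@) the loop cursor itself is overwritten: "c = l2cap_chan_hold_unless_zero(c); if (!c) continue;" leaves c NULL when the hold fails, so if the enclosing loop (its header is outside the hunk) advances from c, the next step dereferences NULL. Test the return value without assigning it back to the cursor, or keep the held pointer in a separate variable. The last hunk, in l2cap_global_fixed_chan(), has the related problem that a failed hold unlocks and returns NULL on the first dying match instead of moving on to the next candidate, which disagrees with the "continue" used in the psm lookup; the two lookups should behave the same way. Since the get_chan_by_scid/dcid/ident helpers now return with a reference held, a caller not touched by this patch would leak it, so the message should state that every caller was audited.
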
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, ChenXiaoSong, Hawkins Jiawei, Anton Altaparmakov, Yongqiang Liu, Zhang Yi, Zhang Xiaoxu, Andrew Morton
Subject: [PATCH 5.4 02/34] ntfs: fix use-after-free in ntfs_ucsncmp()
Date: Mon, 1 Aug 2022 13:46:42 +0200
Message-Id: <20220801114128.132098482@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: ChenXiaoSong

commit 38c9c22a85aeed28d0831f230136e9cf6fa2ed44 upstream.

Syzkaller reported use-after-free bug as follows:

==================================================================
BUG: KASAN: use-after-free in ntfs_ucsncmp+0x123/0x130
Read of size 2 at addr ffff8880751acee8 by task a.out/879

CPU: 7 PID: 879 Comm: a.out Not tainted 5.19.0-rc4-next-20220630-00001-gcc5218c8bd2c-dirty #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Call Trace:
 dump_stack_lvl+0x1c0/0x2b0
 print_address_description.constprop.0.cold+0xd4/0x484
 print_report.cold+0x55/0x232
 kasan_report+0xbf/0xf0
 ntfs_ucsncmp+0x123/0x130
 ntfs_are_names_equal.cold+0x2b/0x41
 ntfs_attr_find+0x43b/0xb90
 ntfs_attr_lookup+0x16d/0x1e0
 ntfs_read_locked_attr_inode+0x4aa/0x2360
 ntfs_attr_iget+0x1af/0x220
 ntfs_read_locked_inode+0x246c/0x5120
 ntfs_iget+0x132/0x180
 load_system_files+0x1cc6/0x3480
 ntfs_fill_super+0xa66/0x1cf0
 mount_bdev+0x38d/0x460
 legacy_get_tree+0x10d/0x220
 vfs_get_tree+0x93/0x300
 do_new_mount+0x2da/0x6d0
 path_mount+0x496/0x19d0
 __x64_sys_mount+0x284/0x300
 do_syscall_64+0x3b/0xc0
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7f3f2118d9ea
Code: 48 8b 0d a9 f4 0b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 76 f4 0b 00 f7 d8 64 89 01 48
RSP: 002b:00007ffc269deac8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3f2118d9ea
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffc269dec00
RBP: 00007ffc269dec80 R08: 00007ffc269deb00 R09: 00007ffc269dec44
R10: 0000000000000000 R11: 0000000000000202 R12: 000055f81ab1d220
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

The buggy address belongs to the physical page:
page:0000000085430378 refcount:1 mapcount:1 mapping:0000000000000000 index:0x555c6a81d pfn:0x751ac
memcg:ffff888101f7e180
anon flags: 0xfffffc00a0014(uptodate|lru|mappedtodisk|swapbacked|node=0|zone=1|lastcpupid=0x1fffff)
raw: 000fffffc00a0014 ffffea0001bf2988 ffffea0001de2448 ffff88801712e201
raw: 0000000555c6a81d 0000000000000000 0000000100000000 ffff888101f7e180
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880751acd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880751ace00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8880751ace80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                          ^
 ffff8880751acf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880751acf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

The reason is that struct ATTR_RECORD->name_offset is 6485, end address of
name string is out of bounds.

Fix this by adding sanity check on end address of attribute name string.

[akpm@linux-foundation.org: coding-style cleanups]
[chenxiaosong2@huawei.com: cleanup suggested by Hawkins Jiawei]
Link: https://lkml.kernel.org/r/20220709064511.3304299-1-chenxiaosong2@huawei.com
Link: https://lkml.kernel.org/r/20220707105329.4020708-1-chenxiaosong2@huawei.com
Signed-off-by: ChenXiaoSong
Signed-off-by: Hawkins Jiawei
Cc: Anton Altaparmakov
Cc: ChenXiaoSong
Cc: Yongqiang Liu
Cc: Zhang Yi
Cc: Zhang Xiaoxu
Signed-off-by: Andrew Morton
Signed-off-by: Greg Kroah-Hartman
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 fs/ntfs/attrib.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/fs/ntfs/attrib.c
+++ b/fs/ntfs/attrib.c
@@ -592,8 +592,12 @@ static int ntfs_attr_find(const ATTR_TYP a =3D (ATTR_RECORD*)((u8*)ctx->attr + le32_to_cpu(ctx->attr->length)); for (;; a =3D (ATTR_RECORD*)((u8*)a + le32_to_cpu(a->length))) { - if ((u8*)a < (u8*)ctx->mrec || (u8*)a > (u8*)ctx->mrec + - le32_to_cpu(ctx->mrec->bytes_allocated)) + u8 *mrec_end =3D (u8 *)ctx->mrec + + le32_to_cpu(ctx->mrec->bytes_allocated); + u8 *name_end =3D (u8 *)a + le16_to_cpu(a->name_offset) + + a->name_length * sizeof(ntfschar); + if ((u8*)a < (u8*)ctx->mrec || (u8*)a > mrec_end || + name_end > mrec_end) break; ctx->attr =3D a; if (unlikely(le32_to_cpu(a->type) > le32_to_cpu(type) ||
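
Review bot: name_end is computed by reading a->name_offset and a->name_length before the "(u8*)a < (u8*)ctx->mrec || (u8*)a > mrec_end" test has run, so a record pointer that is already outside the MFT record is dereferenced before it is rejected. The range test also accepts a == mrec_end, where no byte of the attribute header lies inside the record. Check the pointer first, require that the fixed part of ATTR_RECORD up to and including name_offset fits below mrec_end, and only then compute name_end.
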
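
The bounds check this fix describes, as an added example in user-space C (not code from the patch or from the NTFS driver): it validates an attribute's name against the end of the record with remaining-length arithmetic, and goes one step further than the patch by rejecting an attribute whose header does not fit before any field is read. The 12-byte header layout, the 1024-byte record, the attribute offset 56 and every sample value except name_offset 6485 are constructed assumptions.

```c
/* Added example: user-space model of the attribute-name bounds check.
 * The header layout is a simplified assumption, not the driver's ATTR_RECORD. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_SIZE     1024u /* constructed record size (stands in for bytes_allocated) */
#define ATTR_HDR_MIN 12u   /* type(4) length(4) non_resident(1) name_length(1) name_offset(2) */

enum attr_check { ATTR_OK = 0, ATTR_HDR_OOB, ATTR_NAME_OOB, ATTR_LEN_BAD };

/* On-disk fields are little-endian; decode bytewise so host endianness does not matter. */
static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the attribute that starts at byte offset 'off' of a record of 'rec_size' bytes. */
static enum attr_check check_attr(const uint8_t *rec, size_t rec_size, size_t off)
{
    const uint8_t *a;
    size_t left, name_bytes;
    uint32_t length;
    uint16_t name_offset;

    /* 1. The fixed header must lie inside the record before any field is read. */
    if (off > rec_size || rec_size - off < ATTR_HDR_MIN)
        return ATTR_HDR_OOB;
    left = rec_size - off;
    a = rec + off;

    length = rd_le32(a + 4);
    name_bytes = (size_t)a[9] * 2;        /* name_length counts 16-bit characters */
    name_offset = rd_le16(a + 10);

    /* 2. The name must end at or before the end of the record (the patch's check).
     *    Comparing against the remaining length avoids forming an out-of-range pointer. */
    if (name_offset > left || name_bytes > left - name_offset)
        return ATTR_NAME_OOB;

    /* 3. The length used to step to the next attribute must stay inside the record. */
    if (length < ATTR_HDR_MIN || length > left)
        return ATTR_LEN_BAD;

    return ATTR_OK;
}

/* Build a constructed record with one attribute at 'off' and run the check on it. */
static enum attr_check check_sample(size_t off, uint8_t name_length, uint16_t name_offset)
{
    static uint8_t rec[REC_SIZE];

    memset(rec, 0, sizeof(rec));
    if (off <= REC_SIZE - ATTR_HDR_MIN) { /* only write a header that fits */
        uint8_t *a = rec + off;
        a[0] = 0x80;                      /* type, constructed */
        a[4] = 72;                        /* length = 72 bytes, constructed */
        a[9] = name_length;
        a[10] = (uint8_t)(name_offset & 0xff);
        a[11] = (uint8_t)(name_offset >> 8);
    }
    return check_attr(rec, REC_SIZE, off);
}

int main(void)
{
    printf("name_offset=64   -> %d\n", check_sample(56, 4, 64));
    printf("name_offset=6485 -> %d\n", check_sample(56, 4, 6485)); /* value from the report */
    printf("name ends at end -> %d\n", check_sample(56, 4, 960));
    printf("one byte past    -> %d\n", check_sample(56, 4, 961));
    printf("header cut off   -> %d\n", check_sample(1020, 0, 0));
    return 0;
}
```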
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Harald Freudenberger, "Jason A. Donenfeld", Juergen Christ, Alexander Gordeev
Subject: [PATCH 5.4 03/34] s390/archrandom: prevent CPACF trng invocations in interrupt context
Date: Mon, 1 Aug 2022 13:46:43 +0200
Message-Id: <20220801114128.180782961@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Harald Freudenberger

commit 918e75f77af7d2e049bb70469ec0a2c12782d96a upstream.

This patch slightly reworks the s390 arch_get_random_seed_{int,long}
implementation: Make sure the CPACF trng instruction is never
called in any interrupt context. This is done by adding an
additional condition in_task().

Justification:

There are some constraints to satisfy for the invocation of the
arch_get_random_seed_{int,long}() functions:
- They should provide good random data during kernel initialization.
- They should not be called in interrupt context as the TRNG
  instruction is relatively heavy weight and may for example
  make some network loads cause to timeout and buck.

However, it was not clear what kind of interrupt context is exactly
encountered during kernel init or network traffic eventually calling
arch_get_random_seed_long().

After some days of investigations it is clear that the s390
start_kernel function is not running in any interrupt context and
so the trng is called:

Jul 11 18:33:39 t35lp54 kernel: [<00000001064e90ca>] arch_get_random_seed_long.part.0+0x32/0x70
Jul 11 18:33:39 t35lp54 kernel: [<000000010715f246>] random_init+0xf6/0x238
Jul 11 18:33:39 t35lp54 kernel: [<000000010712545c>] start_kernel+0x4a4/0x628
Jul 11 18:33:39 t35lp54 kernel: [<000000010590402a>] startup_continue+0x2a/0x40

The condition in_task() is true and the CPACF trng provides random data
during kernel startup.

The network traffic however, is more difficult. A typical call stack
looks like this:

Jul 06 17:37:07 t35lp54 kernel: [<000000008b5600fc>] extract_entropy.constprop.0+0x23c/0x240
Jul 06 17:37:07 t35lp54 kernel: [<000000008b560136>] crng_reseed+0x36/0xd8
Jul 06 17:37:07 t35lp54 kernel: [<000000008b5604b8>] crng_make_state+0x78/0x340
Jul 06 17:37:07 t35lp54 kernel: [<000000008b5607e0>] _get_random_bytes+0x60/0xf8
Jul 06 17:37:07 t35lp54 kernel: [<000000008b56108a>] get_random_u32+0xda/0x248
Jul 06 17:37:07 t35lp54 kernel: [<000000008aefe7a8>] kfence_guarded_alloc+0x48/0x4b8
Jul 06 17:37:07 t35lp54 kernel: [<000000008aeff35e>] __kfence_alloc+0x18e/0x1b8
Jul 06 17:37:07 t35lp54 kernel: [<000000008aef7f10>] __kmalloc_node_track_caller+0x368/0x4d8
Jul 06 17:37:07 t35lp54 kernel: [<000000008b611eac>] kmalloc_reserve+0x44/0xa0
Jul 06 17:37:07 t35lp54 kernel: [<000000008b611f98>] __alloc_skb+0x90/0x178
Jul 06 17:37:07 t35lp54 kernel: [<000000008b6120dc>] __napi_alloc_skb+0x5c/0x118
Jul 06 17:37:07 t35lp54 kernel: [<000000008b8f06b4>] qeth_extract_skb+0x13c/0x680
Jul 06 17:37:07 t35lp54 kernel: [<000000008b8f6526>] qeth_poll+0x256/0x3f8
Jul 06 17:37:07 t35lp54 kernel: [<000000008b63d76e>] __napi_poll.constprop.0+0x46/0x2f8
Jul 06 17:37:07 t35lp54 kernel: [<000000008b63dbec>] net_rx_action+0x1cc/0x408
Jul 06 17:37:07 t35lp54 kernel: [<000000008b937302>] __do_softirq+0x132/0x6b0
Jul 06 17:37:07 t35lp54 kernel: [<000000008abf46ce>] __irq_exit_rcu+0x13e/0x170
Jul 06 17:37:07 t35lp54 kernel: [<000000008abf531a>] irq_exit_rcu+0x22/0x50
Jul 06 17:37:07 t35lp54 kernel: [<000000008b922506>] do_io_irq+0xe6/0x198
Jul 06 17:37:07 t35lp54 kernel: [<000000008b935826>] io_int_handler+0xd6/0x110
Jul 06 17:37:07 t35lp54 kernel: [<000000008b9358a6>] psw_idle_exit+0x0/0xa
Jul 06 17:37:07 t35lp54 kernel: ([<000000008ab9c59a>] arch_cpu_idle+0x52/0xe0)
Jul 06 17:37:07 t35lp54 kernel: [<000000008b933cfe>] default_idle_call+0x6e/0xd0
Jul 06 17:37:07 t35lp54 kernel: [<000000008ac59f4e>] do_idle+0xf6/0x1b0
Jul 06 17:37:07 t35lp54 kernel: [<000000008ac5a28e>] cpu_startup_entry+0x36/0x40
Jul 06 17:37:07 t35lp54 kernel: [<000000008abb0d90>] smp_start_secondary+0x148/0x158
Jul 06 17:37:07 t35lp54 kernel: [<000000008b935b9e>] restart_int_handler+0x6e/0x90

which confirms that the call is in softirq context. So in_task() covers exactly
the cases where we want to have CPACF trng called: not in nmi, not in hard irq,
not in soft irq but in normal task context and during kernel init.

Signed-off-by: Harald Freudenberger
Acked-by: Jason A. Donenfeld
Reviewed-by: Juergen Christ
Link: https://lore.kernel.org/r/20220713131721.257907-1-freude@linux.ibm.com
Fixes: e4f74400308c ("s390/archrandom: simplify back to earlier design and initialize earlier")
[agordeev@linux.ibm.com changed desc, added Fixes and Link, removed -stable]
Signed-off-by: Alexander Gordeev
Signed-off-by: Greg Kroah-Hartman
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 arch/s390/include/asm/archrandom.h | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/arch/s390/include/asm/archrandom.h
+++ b/arch/s390/include/asm/archrandom.h
@@ -2,7 +2,7 @@ /* * Kernel interface for the s390 arch_random_* functions * - * Copyright IBM Corp. 2017, 2020 + * Copyright IBM Corp. 2017, 2022 * * Author: Harald Freudenberger * @@ -14,6 +14,7 @@ #ifdef CONFIG_ARCH_RANDOM =20 #include +#include #include #include =20 @@ -32,7 +33,8 @@ static inline bool __must_check arch_get =20 static inline bool __must_check arch_get_random_seed_long(unsigned long *v) { - if (static_branch_likely(&s390_arch_random_available)) { + if (static_branch_likely(&s390_arch_random_available) && + in_task()) { cpacf_trng(NULL, 0, (u8 *)v, sizeof(*v)); atomic64_add(sizeof(*v), &s390_arch_random_counter); return true; 
@@ -42,7 +44,8 @@ static inline bool __must_check arch_get =20 static inline bool __must_check arch_get_random_seed_int(unsigned int *v) { - if (static_branch_likely(&s390_arch_random_available)) { + if (static_branch_likely(&s390_arch_random_available) && + in_task()) { cpacf_trng(NULL, 0, (u8 *)v, sizeof(*v)); atomic64_add(sizeof(*v), &s390_arch_random_counter); return true;
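
Review bot: missing documentation at the new in_task() condition in arch_get_random_seed_long() and arch_get_random_seed_int(): the reason for it (the TRNG instruction is too heavy for interrupt context, softirq included) is stated only in the commit message. A short comment above the condition in archrandom.h would keep a later cleanup from dropping the check, and since the same two-part condition now appears in both functions, a small helper would keep them from drifting apart. Callers that run in interrupt context now skip the cpacf_trng() branch, so it is worth saying in the message that they are expected to handle that result.
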
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kuniyuki Iwashima, "David S. Miller"
Subject: [PATCH 5.4 04/34] tcp: Fix data-races around sysctl_tcp_dsack.
Date: Mon, 1 Aug 2022 13:46:44 +0200
Message-Id: <20220801114128.225736271@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Kuniyuki Iwashima

commit 58ebb1c8b35a8ef38cd6927431e0fa7b173a632d upstream.

While reading sysctl_tcp_dsack, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/ipv4/tcp_input.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4260,7 +4260,7 @@ static void tcp_dsack_set(struct sock *s { struct tcp_sock *tp =3D tcp_sk(sk); =20 - if (tcp_is_sack(tp) && sock_net(sk)->ipv4.sysctl_tcp_dsack) { + if (tcp_is_sack(tp) && READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_dsack)) { int mib_idx; =20 if (before(seq, tp->rcv_nxt)) 
@@ -4306,7 +4306,7 @@ static void tcp_send_dupack(struct sock NET_INC_STATS(sock_net(sk), LINUX_MIB_DELAYEDACKLOST); tcp_enter_quickack_mode(sk, TCP_MAX_QUICKACKS); =20 - if (tcp_is_sack(tp) && sock_net(sk)->ipv4.sysctl_tcp_dsack) { + if (tcp_is_sack(tp) && READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_dsack)) { u32 end_seq =3D TCP_SKB_CB(skb)->end_seq; =20 tcp_rcv_spurious_retrans(sk, skb);
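
Review bot: both hunks annotate only the load side, in tcp_dsack_set() and tcp_send_dupack(); the store to sysctl_tcp_dsack is not part of this patch, so the message should confirm that the sysctl write path is a single marked store for these READ_ONCE() calls to pair with. The message says "its readers": if these two functions are the complete list, stating that would let a backporter check it against an older tree.
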
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kuniyuki Iwashima, "David S. Miller"
Subject: [PATCH 5.4 05/34] tcp: Fix a data-race around sysctl_tcp_app_win.
Date: Mon, 1 Aug 2022 13:46:45 +0200
Message-Id: <20220801114128.270135146@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Kuniyuki Iwashima

commit 02ca527ac5581cf56749db9fd03d854e842253dd upstream.

While reading sysctl_tcp_app_win, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Kuniyuki Iwashima
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/ipv4/tcp_input.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -439,7 +439,7 @@ static void tcp_grow_window(struct sock */ void tcp_init_buffer_space(struct sock *sk) { - int tcp_app_win =3D sock_net(sk)->ipv4.sysctl_tcp_app_win; + int tcp_app_win =3D READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_app_win); struct tcp_sock *tp =3D tcp_sk(sk); int maxwin;
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kuniyuki Iwashima , "David S. Miller" Subject: [PATCH 5.4 06/34] tcp: Fix a data-race around sysctl_tcp_adv_win_scale. Date: Mon, 1 Aug 2022 13:46:46 +0200 Message-Id: <20220801114128.304976802@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Kuniyuki Iwashima commit 36eeee75ef0157e42fb6593dcc65daab289b559e upstream. While reading sysctl_tcp_adv_win_scale, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Kuniyuki Iwashima Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- include/net/tcp.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/net/tcp.h +++ b/include/net/tcp.h 
@@ -1389,7 +1389,7 @@ void tcp_select_initial_window(const str =20 static inline int tcp_win_from_space(const struct sock *sk, int space) { - int tcp_adv_win_scale =3D sock_net(sk)->ipv4.sysctl_tcp_adv_win_scale; + int tcp_adv_win_scale =3D READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_adv_win= _scale); =20 return tcp_adv_win_scale <=3D 0 ? (space>>(-tcp_adv_win_scale)) :
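Review bot: in tcp_win_from_space() the snapshot feeds a shift, "space>>(-tcp_adv_win_scale)", and nothing in the hunk bounds the value. READ_ONCE() makes the read consistent, but a shift count of 32 or more on an int is undefined, so the commit message or a comment next to the read should point at where the sysctl is clamped (the sysctl table's min/max, if that is where it happens).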
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kuniyuki Iwashima , "David S. Miller" Subject: [PATCH 5.4 07/34] tcp: Fix a data-race around sysctl_tcp_frto. Date: Mon, 1 Aug 2022 13:46:47 +0200 Message-Id: <20220801114128.334090136@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Kuniyuki Iwashima commit 706c6202a3589f290e1ef9be0584a8f4a3cc0507 upstream. While reading sysctl_tcp_frto, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Kuniyuki Iwashima Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/ipv4/tcp_input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c 
@@ -2030,7 +2030,7 @@ void tcp_enter_loss(struct sock *sk) * loss recovery is underway except recurring timeout(s) on * the same SND.UNA (sec 3.2). Disable F-RTO on path MTU probing */ - tp->frto =3D net->ipv4.sysctl_tcp_frto && + tp->frto =3D READ_ONCE(net->ipv4.sysctl_tcp_frto) && (new_recovery || icsk->icsk_retransmits) && !inet_csk(sk)->icsk_mtup.probe_size; }
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kuniyuki Iwashima , "David S. Miller" Subject: [PATCH 5.4 08/34] tcp: Fix a data-race around sysctl_tcp_nometrics_save. Date: Mon, 1 Aug 2022 13:46:48 +0200 Message-Id: <20220801114128.364618769@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Kuniyuki Iwashima commit 8499a2454d9e8a55ce616ede9f9580f36fd5b0f3 upstream. While reading sysctl_tcp_nometrics_save, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Kuniyuki Iwashima Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/ipv4/tcp_metrics.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/tcp_metrics.c +++ b/net/ipv4/tcp_metrics.c 
@@ -329,7 +329,7 @@ void tcp_update_metrics(struct sock *sk) int m; =20 sk_dst_confirm(sk); - if (net->ipv4.sysctl_tcp_nometrics_save || !dst) + if (READ_ONCE(net->ipv4.sysctl_tcp_nometrics_save) || !dst) return; =20 rcu_read_lock();
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Maciej Fijalkowski , George Kuruvinakunnel , Tony Nguyen Subject: [PATCH 5.4 09/34] ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) Date: Mon, 1 Aug 2022 13:46:49 +0200 Message-Id: <20220801114128.406083028@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Maciej Fijalkowski commit 283d736ff7c7e96ac5b32c6c0de40372f8eb171e upstream. Tx side sets EOP and RS bits on descriptors to indicate that a particular descriptor is the last one and needs to generate an irq when it was sent. These bits should not be checked on completion path regardless whether it's the Tx or the Rx. DD bit serves this purpose and it indicates that a particular descriptor is either for Rx or was successfully Txed. EOF is also set as loopback test does not xmit fragmented frames. Look at (DD | EOF) bits setting in ice_lbtest_receive_frames() instead of EOP and RS pair. Fixes: 0e674aeb0b77 ("ice: Add handler for ethtool selftest") Signed-off-by: Maciej Fijalkowski Tested-by: George Kuruvinakunnel Signed-off-by: Tony Nguyen Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/net/ethernet/intel/ice/ice_ethtool.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/intel/ice/ice_ethtool.c +++ b/drivers/net/ethernet/intel/ice/ice_ethtool.c 
@@ -619,7 +619,8 @@ static int ice_lbtest_receive_frames(str rx_desc =3D ICE_RX_DESC(rx_ring, i); =20 if (!(rx_desc->wb.status_error0 & - cpu_to_le16(ICE_TX_DESC_CMD_EOP | ICE_TX_DESC_CMD_RS))) + (cpu_to_le16(BIT(ICE_RX_FLEX_DESC_STATUS0_DD_S)) | + cpu_to_le16(BIT(ICE_RX_FLEX_DESC_STATUS0_EOF_S))))) continue; =20 rx_buf =3D &rx_ring->rx_buf[i];
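Review bot: the new test in ice_lbtest_receive_frames() is "!(status_error0 & (DD | EOF))", which skips a descriptor only when neither bit is set, so a descriptor with DD but not EOF (or the reverse) is still accepted. If the intent in the commit message is that both bits are set, compare the masked value against the mask instead. Separately, the two cpu_to_le16(BIT(...)) terms can be a single cpu_to_le16() over the OR of both bits, which reads more clearly.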
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Maciej Fijalkowski , George Kuruvinakunnel , Tony Nguyen Subject: [PATCH 5.4 10/34] ice: do not setup vlan for loopback VSI Date: Mon, 1 Aug 2022 13:46:50 +0200 Message-Id: <20220801114128.442763918@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Maciej Fijalkowski commit cc019545a238518fa9da1e2a889f6e1bb1005a63 upstream. Currently loopback test is failing due to the error returned from ice_vsi_vlan_setup(). Skip calling it when preparing loopback VSI. Fixes: 0e674aeb0b77 ("ice: Add handler for ethtool selftest") Signed-off-by: Maciej Fijalkowski Tested-by: George Kuruvinakunnel Signed-off-by: Tony Nguyen Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/net/ethernet/intel/ice/ice_main.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/drivers/net/ethernet/intel/ice/ice_main.c +++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -3495,10 +3495,12 @@ int ice_vsi_cfg(struct ice_vsi *vsi) if (vsi->netdev) { ice_set_rx_mode(vsi->netdev); =20 - err =3D ice_vsi_vlan_setup(vsi); + if (vsi->type !=3D ICE_VSI_LB) { + err =3D ice_vsi_vlan_setup(vsi); =20 - if (err) - return err; + if (err) + return err; + } } ice_vsi_cfg_dcb_rings(vsi);
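Review bot: the "if (vsi->type != ICE_VSI_LB)" guard in ice_vsi_cfg() carries no comment, and the commit message only says ice_vsi_vlan_setup() returns an error for the loopback VSI, not why. A one-line comment at the guard stating the reason would keep a later cleanup from removing it. Also confirm that err is not read before its next assignment on the loopback path, since this branch no longer sets it and the hunk does not show the declaration.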
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Bart Van Assche , Liang He , "Martin K. Petersen" Subject: [PATCH 5.4 11/34] scsi: ufs: host: Hold reference returned by of_parse_phandle() Date: Mon, 1 Aug 2022 13:46:51 +0200 Message-Id: <20220801114128.471486665@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Liang He commit a3435afba87dc6cd83f5595e7607f3c40f93ef01 upstream. In ufshcd_populate_vreg(), we should hold the reference returned by of_parse_phandle() and then use it to call of_node_put() for refcount balance. Link: https://lore.kernel.org/r/20220719071529.1081166-1-windhl@126.com Fixes: aa4976130934 ("ufs: Add regulator enable support") Reviewed-by: Bart Van Assche Signed-off-by: Liang He Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/scsi/ufs/ufshcd-pltfrm.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) --- a/drivers/scsi/ufs/ufshcd-pltfrm.c +++ b/drivers/scsi/ufs/ufshcd-pltfrm.c @@ -125,9 +125,20 @@ out: return ret; } =20 +static bool phandle_exists(const struct device_node *np, + const char *phandle_name, int index) +{ + struct device_node *parse_np =3D of_parse_phandle(np, phandle_name, index= ); + + if (parse_np) + of_node_put(parse_np); + + return parse_np !=3D NULL; +} + #define MAX_PROP_SIZE 32 static int ufshcd_populate_vreg(struct device *dev, const char *name, - struct ufs_vreg **out_vreg) + struct ufs_vreg **out_vreg) { int ret =3D 0; char prop_name[MAX_PROP_SIZE]; 
@@ -140,7 +151,7 @@ static int ufshcd_populate_vreg(struct d } =20 snprintf(prop_name, MAX_PROP_SIZE, "%s-supply", name); - if (!of_parse_phandle(np, prop_name, 0)) { + if (!phandle_exists(np, prop_name, 0)) { dev_info(dev, "%s: Unable to find %s regulator, assuming enabled\n", __func__, prop_name); goto out;
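Review bot: the first hunk re-indents the "struct ufs_vreg **out_vreg" parameter of ufshcd_populate_vreg(), a whitespace-only change unrelated to the refcount fix; it is better dropped or split out so the backport carries only the functional change. In phandle_exists(), comparing parse_np against NULL after of_node_put() is fine because the pointer is not dereferenced, but a short comment saying the helper only tests for presence and keeps no reference would make that explicit for later callers.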
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kuniyuki Iwashima , "David S. Miller" Subject: [PATCH 5.4 12/34] tcp: Fix a data-race around sysctl_tcp_limit_output_bytes. Date: Mon, 1 Aug 2022 13:46:52 +0200 Message-Id: <20220801114128.501168275@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Kuniyuki Iwashima commit 9fb90193fbd66b4c5409ef729fd081861f8b6351 upstream. While reading sysctl_tcp_limit_output_bytes, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. Fixes: 46d3ceabd8d9 ("tcp: TCP Small Queues") Signed-off-by: Kuniyuki Iwashima Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/ipv4/tcp_output.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c 
@@ -2276,7 +2276,7 @@ static bool tcp_small_queue_check(struct sk->sk_pacing_rate >> READ_ONCE(sk->sk_pacing_shift)); if (sk->sk_pacing_status =3D=3D SK_PACING_NONE) limit =3D min_t(unsigned long, limit, - sock_net(sk)->ipv4.sysctl_tcp_limit_output_bytes); + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_limit_output_bytes)); limit <<=3D factor; =20 if (static_branch_unlikely(&tcp_tx_delay_enabled) &&
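Review bot: in tcp_small_queue_check() the value read with READ_ONCE() goes straight into "min_t(unsigned long, limit, ...)", which casts it to unsigned long. If the sysctl field is a signed int, a negative setting becomes a very large value and the clamp silently stops applying; the hunk shows neither the field's type nor its range, so the log should say where negative values are rejected.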
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kuniyuki Iwashima , "David S. Miller" Subject: [PATCH 5.4 13/34] tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit. Date: Mon, 1 Aug 2022 13:46:53 +0200 Message-Id: <20220801114128.544074282@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Kuniyuki Iwashima commit db3815a2fa691da145cfbe834584f31ad75df9ff upstream. While reading sysctl_tcp_challenge_ack_limit, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. Fixes: 282f23c6ee34 ("tcp: implement RFC 5961 3.2") Signed-off-by: Kuniyuki Iwashima Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/ipv4/tcp_input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c 
@@ -3484,7 +3484,7 @@ static void tcp_send_challenge_ack(struc /* Then check host-wide RFC 5961 rate limit. */ now =3D jiffies / HZ; if (now !=3D challenge_timestamp) { - u32 ack_limit =3D net->ipv4.sysctl_tcp_challenge_ack_limit; + u32 ack_limit =3D READ_ONCE(net->ipv4.sysctl_tcp_challenge_ack_limit); u32 half =3D (ack_limit + 1) >> 1; =20 challenge_timestamp =3D now;
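Review bot: in tcp_send_challenge_ack() the snapshot is stored in a u32 and the next line computes "(ack_limit + 1) >> 1", which wraps to 0 when ack_limit is 0xffffffff. The hunk does not show how the sysctl is bounded, so the commit message or a comment should state the valid range, or half should be computed in a way that cannot overflow.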
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+a8430774139ec3ab7176@syzkaller.appspotmail.com, Ayushman Dutta , Kuniyuki Iwashima , David Ahern , Eric Dumazet , Jakub Kicinski Subject: [PATCH 5.4 14/34] net: ping6: Fix memleak in ipv6_renew_options(). Date: Mon, 1 Aug 2022 13:46:54 +0200 Message-Id: <20220801114128.583899296@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" 
From: Kuniyuki Iwashima

commit e27326009a3d247b831eda38878c777f6f4eb3d1 upstream.

When we close ping6 sockets, some resources are left unfreed because
pingv6_prot is missing sk->sk_prot->destroy(). As reported by
syzbot [0], just three syscalls leak 96 bytes and easily cause OOM.

    struct ipv6_sr_hdr *hdr;
    char data[24] = {0};
    int fd;

    hdr = (struct ipv6_sr_hdr *)data;
    hdr->hdrlen = 2;
    hdr->type = IPV6_SRCRT_TYPE_4;

    fd = socket(AF_INET6, SOCK_DGRAM, NEXTHDR_ICMP);
    setsockopt(fd, IPPROTO_IPV6, IPV6_RTHDR, data, 24);
    close(fd);

To fix memory leaks, let's add a destroy function.

Note the socket() syscall checks if the GID is within the range of
net.ipv4.ping_group_range. The default value is [1, 0] so that no
GID meets the condition (1 <= GID <= 0). Thus, the local DoS does
not succeed until we change the default value. However, at least
Ubuntu/Fedora/RHEL loosen it.

    $ cat /usr/lib/sysctl.d/50-default.conf
    ...
    -net.ipv4.ping_group_range = 0 2147483647

Also, there could be another path reported with these options, and
some of them require CAP_NET_RAW.

  setsockopt
      IPV6_ADDRFORM (inet6_sk(sk)->pktoptions)
      IPV6_RECVPATHMTU (inet6_sk(sk)->rxpmtu)
      IPV6_HOPOPTS (inet6_sk(sk)->opt)
      IPV6_RTHDRDSTOPTS (inet6_sk(sk)->opt)
      IPV6_RTHDR (inet6_sk(sk)->opt)
      IPV6_DSTOPTS (inet6_sk(sk)->opt)
      IPV6_2292PKTOPTIONS (inet6_sk(sk)->opt)

  getsockopt
      IPV6_FLOWLABEL_MGR (inet6_sk(sk)->ipv6_fl_list)

For the record, I left a different splat with syzbot's one.

  unreferenced object 0xffff888006270c60 (size 96):
    comm "repro2", pid 231, jiffies 4294696626 (age 13.118s)
    hex dump (first 32 bytes):
      01 00 00 00 44 00 00 00 00 00 00 00 00 00 00 00 ....D...........
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    backtrace:
      [<00000000f6bc7ea9>] sock_kmalloc (net/core/sock.c:2564 net/core/sock.c:2554)
      [<000000006d699550>] do_ipv6_setsockopt.constprop.0 (net/ipv6/ipv6_sockglue.c:715)
      [<00000000c3c3b1f5>] ipv6_setsockopt (net/ipv6/ipv6_sockglue.c:1024)
      [<000000007096a025>] __sys_setsockopt (net/socket.c:2254)
      [<000000003a8ff47b>] __x64_sys_setsockopt (net/socket.c:2265 net/socket.c:2262 net/socket.c:2262)
      [<000000007c409dcb>] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
      [<00000000e939c4a9>] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)

[0]: https://syzkaller.appspot.com/bug?extid=a8430774139ec3ab7176

Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.")
Reported-by: syzbot+a8430774139ec3ab7176@syzkaller.appspotmail.com
Reported-by: Ayushman Dutta
Signed-off-by: Kuniyuki Iwashima
Reviewed-by: David Ahern
Reviewed-by: Eric Dumazet
Link: https://lore.kernel.org/r/20220728012220.46918-1-kuniyu@amazon.com
Signed-off-by: Jakub Kicinski
Signed-off-by: Greg Kroah-Hartman
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
--- net/ipv6/ping.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/net/ipv6/ping.c +++ b/net/ipv6/ping.c @@ -22,6 +22,11 @@ #include #include =20 +static void ping_v6_destroy(struct sock *sk) +{ + inet6_destroy_sock(sk); +} + /* Compatibility glue so we can support IPv6 when it's compiled as a modul= e */ static int dummy_ipv6_recv_error(struct sock *sk, struct msghdr *msg, int = len, int *addr_len)
@@ -165,6 +170,7 @@ struct proto pingv6_prot =3D { .owner =3D THIS_MODULE, .init =3D ping_init_sock, .close =3D ping_close, + .destroy =3D ping_v6_destroy, .connect =3D ip6_datagram_connect_v6_only, .disconnect =3D __udp_disconnect, .setsockopt =3D ipv6_setsockopt,
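Review bot: ping_v6_destroy() in the first hunk only forwards to inet6_destroy_sock(sk) with the same argument and no return value, so ".destroy" in pingv6_prot could point at inet6_destroy_sock directly, assuming the prototype matches. If the wrapper is kept for a reason (for example room for ping-specific cleanup later), a one-line comment above it should say so.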
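The commit message for patch 14/34 ties exposure to net.ipv4.ping_group_range. The audit script below is an added example, not part of the patch or the kernel tree: it evaluates a range value and sysctl.d-style text the way the message describes. The function names and the SAMPLE_CONF text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit net.ipv4.ping_group_range, the gate the commit message
# describes for creating unprivileged ICMP ("ping") sockets.
# Function names and SAMPLE_CONF are constructed for this illustration.

# Constructed sample of a sysctl.d-style file. A leading "-" on a key means
# "ignore errors when applying this setting".
SAMPLE_CONF='# constructed sample, not copied from any distribution
net.ipv4.conf.default.rp_filter = 2
-net.ipv4.ping_group_range = 0 2147483647
'

# Read sysctl.d-style text on stdin and print the last ping_group_range it
# sets as "LOW HIGH" (later lines override earlier ones); nothing if unset.
ping_range_from_conf() {
    sed -n -E 's/^[[:space:]]*-?net\.ipv4\.ping_group_range[[:space:]]*=[[:space:]]*([0-9]+)[[:space:]]+([0-9]+)[[:space:]]*$/\1 \2/p' |
        tail -n 1
}

# Return 0 if GID ($2) lies inside the range "LOW HIGH" ($1), 1 if it does
# not, 2 if the input is malformed. The default "1 0" is an empty range.
ping_range_allows_gid() {
    # Intentional word splitting: the kernel separates the numbers with a tab.
    set -- $1 "$2"
    [ "$#" -eq 3 ] || return 2
    for n in "$@"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$1" -le "$3" ] && [ "$3" -le "$2" ]
}

# Describe a range: "disabled" when LOW > HIGH (no GID can match),
# otherwise "enabled LOW-HIGH".
ping_exposure() {
    set -- $1
    [ "$#" -eq 2 ] || { echo malformed; return 2; }
    for n in "$@"; do
        case "$n" in ''|*[!0-9]*) echo malformed; return 2 ;; esac
    done
    if [ "$1" -gt "$2" ]; then
        echo disabled
    else
        echo "enabled $1-$2"
    fi
}

# Report for the running host, if the sysctl is readable here.
audit_live() {
    f=/proc/sys/net/ipv4/ping_group_range
    [ -r "$f" ] || { echo "ping_group_range: not readable on this host"; return 0; }
    range=$(cat "$f")
    echo "ping_group_range: $(ping_exposure "$range")"
    for g in $(id -G); do
        if ping_range_allows_gid "$range" "$g"; then
            echo "current user can open ping sockets via GID $g"
            return 0
        fi
    done
    echo "current user has no GID inside the range"
}

echo "sample conf sets: $(printf '%s' "$SAMPLE_CONF" | ping_range_from_conf)"
audit_live
```

On a host where the range is enabled, the kernel fix from this patch is what closes the leak; the sysctl only narrows who can reach the code path.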
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ziyang Xuan, David Ahern, Jakub Kicinski
Subject: [PATCH 5.4 15/34] ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
Date: Mon, 1 Aug 2022 13:46:55 +0200
Message-Id: <20220801114128.624528202@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Ziyang Xuan

commit 85f0173df35e5462d89947135a6a5599c6c3ef6f upstream.

Change net device's MTU to smaller than IPV6_MIN_MTU or unregister
device while matching route. That may trigger null-ptr-deref bug
for ip6_ptr probability as following.

=========================================================
BUG: KASAN: null-ptr-deref in find_match.part.0+0x70/0x134
Read of size 4 at addr 0000000000000308 by task ping6/263

CPU: 2 PID: 263 Comm: ping6 Not tainted 5.19.0-rc7+ #14
Call trace:
 dump_backtrace+0x1a8/0x230
 show_stack+0x20/0x70
 dump_stack_lvl+0x68/0x84
 print_report+0xc4/0x120
 kasan_report+0x84/0x120
 __asan_load4+0x94/0xd0
 find_match.part.0+0x70/0x134
 __find_rr_leaf+0x408/0x470
 fib6_table_lookup+0x264/0x540
 ip6_pol_route+0xf4/0x260
 ip6_pol_route_output+0x58/0x70
 fib6_rule_lookup+0x1a8/0x330
 ip6_route_output_flags_noref+0xd8/0x1a0
 ip6_route_output_flags+0x58/0x160
 ip6_dst_lookup_tail+0x5b4/0x85c
 ip6_dst_lookup_flow+0x98/0x120
 rawv6_sendmsg+0x49c/0xc70
 inet_sendmsg+0x68/0x94

Reproducer as following:
Firstly, prepare conditions:
$ip netns add ns1
$ip netns add ns2
$ip link add veth1 type veth peer name veth2
$ip link set veth1 netns ns1
$ip link set veth2 netns ns2
$ip netns exec ns1 ip -6 addr add 2001:0db8:0:f101::1/64 dev veth1
$ip netns exec ns2 ip -6 addr add 2001:0db8:0:f101::2/64 dev veth2
$ip netns exec ns1 ifconfig veth1 up
$ip netns exec ns2 ifconfig veth2 up
$ip netns exec ns1 ip -6 route add 2000::/64 dev veth1 metric 1
$ip netns exec ns2 ip -6 route add 2001::/64 dev veth2 metric 1

Secondly, execute the following two commands in two ssh windows
respectively:
$ip netns exec ns1 sh
$while true; do ip -6 addr add 2001:0db8:0:f101::1/64 dev veth1; ip -6 route add 2000::/64 dev veth1 metric 1; ping6 2000::2; done

$ip netns exec ns1 sh
$while true; do ip link set veth1 mtu 1000; ip link set veth1 mtu 1500; sleep 5; done

It is because ip6_ptr has been assigned to NULL in addrconf_ifdown() firstly,
then ip6_ignore_linkdown() accesses ip6_ptr directly without NULL check.

	cpu0			cpu1
fib6_table_lookup
__find_rr_leaf
			addrconf_notify [ NETDEV_CHANGEMTU ]
			addrconf_ifdown
			RCU_INIT_POINTER(dev->ip6_ptr, NULL)
find_match
ip6_ignore_linkdown

So we can add NULL check for ip6_ptr before using in ip6_ignore_linkdown() to
fix the null-ptr-deref bug.

Fixes: dcd1f572954f ("net/ipv6: Remove fib6_idev")
Signed-off-by: Ziyang Xuan
Reviewed-by: David Ahern
Link: https://lore.kernel.org/r/20220728013307.656257-1-william.xuanziyang@huawei.com
Signed-off-by: Jakub Kicinski
Signed-off-by: Greg Kroah-Hartman
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 include/net/addrconf.h | 3 +++
 1 file changed, 3 insertions(+)

--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -399,6 +399,9 @@ static inline bool ip6_ignore_linkdown(c { const struct inet6_dev *idev =3D __in6_dev_get(dev); =20 + if (unlikely(!idev)) + return true; + return !!idev->cnf.ignore_routes_with_linkdown; }
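Review bot: the new NULL branch in ip6_ignore_linkdown() returns true, and neither the hunk nor the changelog says why true rather than false is the right answer once the device has lost its inet6_dev. Going by the function name and its normal return of ignore_routes_with_linkdown, true means "ignore routes whose link is down", so please add a short comment above `if (unlikely(!idev))` stating that a device whose ip6_ptr was cleared by addrconf_ifdown() is deliberately treated that way. Keeping the single __in6_dev_get() result in the local and dereferencing only that, as the hunk does, is what closes the race; a second fetch would reopen it.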
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kuniyuki Iwashima, "David S. Miller", Sasha Levin
Subject: [PATCH 5.4 16/34] igmp: Fix data-races around sysctl_igmp_qrv.
Date: Mon, 1 Aug 2022 13:46:56 +0200
Message-Id: <20220801114128.662594502@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Kuniyuki Iwashima

[ Upstream commit 8ebcc62c738f68688ee7c6fec2efe5bc6d3d7e60 ]

While reading sysctl_igmp_qrv, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its readers.

This test can be packed into a helper, so such changes will be in the
follow-up series after net is merged into net-next.

  qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv);

Fixes: a9fe8e29945d ("ipv4: implement igmp_qrv sysctl to tune igmp robustness variable")
Signed-off-by: Kuniyuki Iwashima
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/ipv4/igmp.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 660b41040c77..1023f881091e 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -829,7 +829,7 @@ static void igmp_ifc_event(struct in_device *in_dev) struct net *net =3D dev_net(in_dev->dev); if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) return; - WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_= qrv); + WRITE_ONCE(in_dev->mr_ifc_count, in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sy= sctl_igmp_qrv)); igmp_ifc_start_timer(in_dev, 1); } =20
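Review bot: in igmp_ifc_event() only the sysctl load is annotated; in_dev->mr_qrv on the left of `?:` is still a plain read, while igmp_heard_query() in the next hunk assigns in_dev->mr_qrv with a plain store. If those two paths are not serialized by a common lock, mr_qrv needs READ_ONCE()/WRITE_ONCE() as well; otherwise please say in the changelog which lock covers it. The expression `in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv)` is now repeated at most call sites in this patch, so the helper the changelog promises should not be left long.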
@@ -1011,7 +1011,7 @@ static bool igmp_heard_query(struct in_device *in_dev= , struct sk_buff *skb, * received value was zero, use the default or statically * configured value. */ - in_dev->mr_qrv =3D ih3->qrv ?: net->ipv4.sysctl_igmp_qrv; + in_dev->mr_qrv =3D ih3->qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); in_dev->mr_qi =3D IGMPV3_QQIC(ih3->qqic)*HZ ?: IGMP_QUERY_INTERVAL; =20 /* RFC3376, 8.3. Query Response Interval: @@ -1191,7 +1191,7 @@ static void igmpv3_add_delrec(struct in_device *in_de= v, struct ip_mc_list *im, pmc->interface =3D im->interface; in_dev_hold(in_dev); pmc->multiaddr =3D im->multiaddr; - pmc->crcount =3D in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; + pmc->crcount =3D in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); pmc->sfmode =3D im->sfmode; if (pmc->sfmode =3D=3D MCAST_INCLUDE) { struct ip_sf_list *psf; @@ -1242,9 +1242,11 @@ static void igmpv3_del_delrec(struct in_device *in_d= ev, struct ip_mc_list *im) swap(im->tomb, pmc->tomb); swap(im->sources, pmc->sources); for (psf =3D im->sources; psf; psf =3D psf->sf_next) - psf->sf_crcount =3D in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; + psf->sf_crcount =3D in_dev->mr_qrv ?: + READ_ONCE(net->ipv4.sysctl_igmp_qrv); } else { - im->crcount =3D in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; + im->crcount =3D in_dev->mr_qrv ?: + READ_ONCE(net->ipv4.sysctl_igmp_qrv); } in_dev_put(pmc->interface); kfree_pmc(pmc); @@ -1351,7 +1353,7 @@ static void igmp_group_added(struct ip_mc_list *im) if (in_dev->dead) return; =20 - im->unsolicit_count =3D net->ipv4.sysctl_igmp_qrv; + im->unsolicit_count =3D READ_ONCE(net->ipv4.sysctl_igmp_qrv); if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) { spin_lock_bh(&im->lock); igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY); 
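Review bot: igmp_group_added() now loads sysctl_igmp_qrv twice, once here for im->unsolicit_count and again in the following hunk for im->crcount, and a concurrent sysctl write can land between the two READ_ONCE() calls so the two counters start from different values. If they are meant to agree, read the sysctl once into a local at the top of the function and use it in both places; if the mismatch is harmless, a comment saying so would help the next reader.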
@@ -1365,7 +1367,7 @@ static void igmp_group_added(struct ip_mc_list *im) * IN() to IN(A). */ if (im->sfmode =3D=3D MCAST_EXCLUDE) - im->crcount =3D in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; + im->crcount =3D in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); =20 igmp_ifc_event(in_dev); #endif @@ -1756,7 +1758,7 @@ static void ip_mc_reset(struct in_device *in_dev) =20 in_dev->mr_qi =3D IGMP_QUERY_INTERVAL; in_dev->mr_qri =3D IGMP_QUERY_RESPONSE_INTERVAL; - in_dev->mr_qrv =3D net->ipv4.sysctl_igmp_qrv; + in_dev->mr_qrv =3D READ_ONCE(net->ipv4.sysctl_igmp_qrv); } #else static void ip_mc_reset(struct in_device *in_dev) @@ -1890,7 +1892,7 @@ static int ip_mc_del1_src(struct ip_mc_list *pmc, int= sfmode, #ifdef CONFIG_IP_MULTICAST if (psf->sf_oldin && !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) { - psf->sf_crcount =3D in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; + psf->sf_crcount =3D in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_q= rv); psf->sf_next =3D pmc->tomb; pmc->tomb =3D psf; rv =3D 1; @@ -1954,7 +1956,7 @@ static int ip_mc_del_src(struct in_device *in_dev, __= be32 *pmca, int sfmode, /* filter mode change */ pmc->sfmode =3D MCAST_INCLUDE; #ifdef CONFIG_IP_MULTICAST - pmc->crcount =3D in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; + pmc->crcount =3D in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); for (psf =3D pmc->sources; psf; psf =3D psf->sf_next) psf->sf_crcount =3D 0; 
@@ -2133,7 +2135,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __= be32 *pmca, int sfmode, #ifdef CONFIG_IP_MULTICAST /* else no filters; keep old mode for reports */ =20 - pmc->crcount =3D in_dev->mr_qrv ?: net->ipv4.sysctl_igmp_qrv; + pmc->crcount =3D in_dev->mr_qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); WRITE_ONCE(in_dev->mr_ifc_count, pmc->crcount); for (psf =3D pmc->sources; psf; psf =3D psf->sf_next) psf->sf_crcount =3D 0; --=20 2.35.1
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Liang He, Jakub Kicinski, Sasha Levin
Subject: [PATCH 5.4 17/34] net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
Date: Mon, 1 Aug 2022 13:46:57 +0200
Message-Id: <20220801114128.706540590@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Liang He

[ Upstream commit ebbbe23fdf6070e31509638df3321688358cc211 ]

In bcm5421_init(), we should call of_node_put() for the reference
returned by of_get_parent() which has increased the refcount.

Fixes: 3c326fe9cb7a ("[PATCH] ppc64: Add new PHY to sungem")
Signed-off-by: Liang He
Link: https://lore.kernel.org/r/20220720131003.1287426-1-windhl@126.com
Signed-off-by: Jakub Kicinski
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 drivers/net/sungem_phy.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/sungem_phy.c b/drivers/net/sungem_phy.c
index 291fa449993f..45f295403cb5 100644
--- a/drivers/net/sungem_phy.c
+++ b/drivers/net/sungem_phy.c
@@ -454,6 +454,7 @@ static int bcm5421_init(struct mii_phy* phy) int can_low_power =3D 1; if (np =3D=3D NULL || of_get_property(np, "no-autolowpower", NULL)) can_low_power =3D 0; + of_node_put(np); if (can_low_power) { /* Enable automatic low-power */ sungem_phy_write(phy, 0x1c, 0x9002); --=20 2.35.1
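Review bot: the placement of of_node_put(np) in bcm5421_init() relies on np not being used again after the can_low_power test, and the hunk cannot show that; please confirm nothing further down the function dereferences np, since that would turn the leak fix into a use of a node whose reference was already dropped. Calling it unconditionally is fine for the `np == NULL` case because of_node_put() accepts a NULL node, but the changelog should say where the reference is taken, as the of_get_parent() call itself is outside the visible context.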
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kuniyuki Iwashima, "David S. Miller", Sasha Levin
Subject: [PATCH 5.4 18/34] tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
Date: Mon, 1 Aug 2022 13:46:58 +0200
Message-Id: <20220801114128.744393211@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Kuniyuki Iwashima

[ Upstream commit e0bb4ab9dfddd872622239f49fb2bd403b70853b ]

While reading sysctl_tcp_min_tso_segs, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.

Fixes: 95bd09eb2750 ("tcp: TSO packets automatic sizing")
Signed-off-by: Kuniyuki Iwashima
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/ipv4/tcp_output.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 99e077422975..ef749a47768a 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1761,7 +1761,7 @@ static u32 tcp_tso_segs(struct sock *sk, unsigned int= mss_now) =20 min_tso =3D ca_ops->min_tso_segs ? ca_ops->min_tso_segs(sk) : - sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs; + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_tso_segs); =20 tso_segs =3D tcp_tso_autosize(sk, mss_now, min_tso); return min_t(u32, tso_segs, sk->sk_gso_max_segs); --=20 2.35.1
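Review bot: READ_ONCE() in tcp_tso_segs() only guarantees one untorn load of sysctl_tcp_min_tso_segs, so it closes the race the changelog describes only if the store side is a single marked access too. The changelog speaks of the reader alone; please name the writer this pairs with (the sysctl handler for this knob) and state that it stores with WRITE_ONCE(), or point at the patch in the series that makes it so.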
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kuniyuki Iwashima, "David S. Miller", Sasha Levin
Subject: [PATCH 5.4 19/34] tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
Date: Mon, 1 Aug 2022 13:46:59 +0200
Message-Id: <20220801114128.774532066@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Kuniyuki Iwashima

[ Upstream commit 1330ffacd05fc9ac4159d19286ce119e22450ed2 ]

While reading sysctl_tcp_min_rtt_wlen, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.

Fixes: f672258391b4 ("tcp: track min RTT using windowed min-filter")
Signed-off-by: Kuniyuki Iwashima
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/ipv4/tcp_input.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index a8d8ff488281..b760ad0b16d9 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -2914,7 +2914,7 @@ static void tcp_fastretrans_alert(struct sock *sk, co= nst u32 prior_snd_una, =20 static void tcp_update_rtt_min(struct sock *sk, u32 rtt_us, const int flag) { - u32 wlen =3D sock_net(sk)->ipv4.sysctl_tcp_min_rtt_wlen * HZ; + u32 wlen =3D READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_min_rtt_wlen) * HZ; struct tcp_sock *tp =3D tcp_sk(sk); =20 if ((flag & FLAG_ACK_MAYBE_DELAYED) && rtt_us > tcp_min_rtt(tp)) { --=20 2.35.1
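Review bot: in tcp_update_rtt_min() the value returned by READ_ONCE() is multiplied by HZ and stored in a u32, so a large sysctl_tcp_min_rtt_wlen wraps, and if the sysctl is a signed int a negative setting becomes a very large window. The annotation does not change that, but since this line is being touched please confirm the sysctl table bounds the value and mention the bounds in a comment, or clamp the loaded value before the multiply.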
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kuniyuki Iwashima, "David S. Miller", Sasha Levin
Subject: [PATCH 5.4 20/34] tcp: Fix a data-race around sysctl_tcp_autocorking.
Date: Mon, 1 Aug 2022 13:47:00 +0200
Message-Id: <20220801114128.806783683@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Kuniyuki Iwashima

[ Upstream commit 85225e6f0a76e6745bc841c9f25169c509b573d8 ]

While reading sysctl_tcp_autocorking, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.

Fixes: f54b311142a9 ("tcp: auto corking")
Signed-off-by: Kuniyuki Iwashima
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/ipv4/tcp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 4b31f6e9ec61..0a570d5d0b38 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -697,7 +697,7 @@ static bool tcp_should_autocork(struct sock *sk, struct= sk_buff *skb, int size_goal) { return skb->len < size_goal && - sock_net(sk)->ipv4.sysctl_tcp_autocorking && + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_autocorking) && !tcp_rtx_queue_empty(sk) && refcount_read(&sk->sk_wmem_alloc) > skb->truesize; } --=20 2.35.1
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kuniyuki Iwashima, "David S. Miller", Sasha Levin
Subject: [PATCH 5.4 21/34] tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
Date: Mon, 1 Aug 2022 13:47:01 +0200
Message-Id: <20220801114128.842661951@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Kuniyuki Iwashima

[ Upstream commit 2afdbe7b8de84c28e219073a6661080e1b3ded48 ]

While reading sysctl_tcp_invalid_ratelimit, it can be changed
concurrently. Thus, we need to add READ_ONCE() to its reader.

Fixes: 032ee4236954 ("tcp: helpers to mitigate ACK loops by rate-limiting out-of-window dupacks")
Signed-off-by: Kuniyuki Iwashima
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/ipv4/tcp_input.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index b760ad0b16d9..7af5e6acf41a 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -3436,7 +3436,8 @@ static bool __tcp_oow_rate_limited(struct net *net, i= nt mib_idx, if (*last_oow_ack_time) { s32 elapsed =3D (s32)(tcp_jiffies32 - *last_oow_ack_time); =20 - if (0 <=3D elapsed && elapsed < net->ipv4.sysctl_tcp_invalid_ratelimit) { + if (0 <=3D elapsed && + elapsed < READ_ONCE(net->ipv4.sysctl_tcp_invalid_ratelimit)) { NET_INC_STATS(net, mib_idx); return true; /* rate-limited: don't send yet! */ } --=20 2.35.1
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Xin Long, Marcelo Ricardo Leitner, "David S. Miller", Sasha Levin
Subject: [PATCH 5.4 22/34] Documentation: fix sctp_wmem in ip-sysctl.rst
Date: Mon, 1 Aug 2022 13:47:02 +0200
Message-Id: <20220801114128.878705206@linuxfoundation.org>
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>

From: Xin Long

[ Upstream commit aa709da0e032cee7c202047ecd75f437bb0126ed ]

Since commit 1033990ac5b2 ("sctp: implement memory accounting on tx path"),
SCTP has supported memory accounting on tx path where 'sctp_wmem' is used
by sk_wmem_schedule(). So we should fix the description for this option in
ip-sysctl.rst accordingly.

v1->v2:
  - Improve the description as Marcelo suggested.

Fixes: 1033990ac5b2 ("sctp: implement memory accounting on tx path")
Signed-off-by: Xin Long
Acked-by: Marcelo Ricardo Leitner
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 Documentation/networking/ip-sysctl.txt | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/network= ing/ip-sysctl.txt
index 787a9c077ef1..5cf601c94e35 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -2284,7 +2284,14 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max Default: 4K =20 sctp_wmem - vector of 3 INTEGERs: min, default, max - Currently this tunable has no effect. + Only the first value ("min") is used, "default" and "max" are + ignored. + + min: Minimum size of send buffer that can be used by SCTP sockets. + It is guaranteed to each SCTP socket (but not association) even + under moderate memory pressure. + + Default: 4K =20 addr_scope_policy - INTEGER Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00 --=20 2.35.1
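Review bot: the subject and changelog refer to ip-sysctl.rst, but the hunk edits Documentation/networking/ip-sysctl.txt, so the backport should carry a note that the file is still .txt in this tree. In the new sctp_wmem text, "Default: 4K" follows the "min:" paragraph without saying which of the three values it applies to, and the first added sentence joins two clauses with a comma; suggest `Only the first value ("min") is used; "default" and "max" are ignored.` and making the default line explicit about min.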
b=LXrlBRX0Ss2Xz+SgtSkIl9u4I0+tE4pXoN+2HaELQ5eK27d1vJRLLnLbkW7xiKZV7 PYwHEtux+SLZsTb4NzhG9ed/Vc+ZOm5hHzOo3o+hi47ZEXWnQ2p1GOgN81apcvaLsg l3rFmecVrAiswIv4+W08ATNujh4CZ+g3yys7yP2g=
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kuniyuki Iwashima, "David S. Miller", Sasha Levin
Subject: [PATCH 5.4 23/34] tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
Date: Mon, 1 Aug 2022 13:47:03 +0200
Message-Id: <20220801114128.918153283@linuxfoundation.org>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Kuniyuki Iwashima

[ Upstream commit 4866b2b0f7672b6d760c4b8ece6fb56f965dcc8a ]

While reading sysctl_tcp_comp_sack_delay_ns, it can be changed
concurrently. Thus, we need to add READ_ONCE() to its reader.

Fixes: 6d82aa242092 ("tcp: add tcp_comp_sack_delay_ns sysctl")
Signed-off-by: Kuniyuki Iwashima
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/ipv4/tcp_input.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 7af5e6acf41a..f8fa036cfae2 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c 
@@ -5326,7 +5326,8 @@ static void __tcp_ack_snd_check(struct sock *sk, int = ofo_possible) if (tp->srtt_us && tp->srtt_us < rtt) rtt =3D tp->srtt_us; =20 - delay =3D min_t(unsigned long, sock_net(sk)->ipv4.sysctl_tcp_comp_sack_de= lay_ns, + delay =3D min_t(unsigned long, + READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_comp_sack_delay_ns), rtt * (NSEC_PER_USEC >> 3)/20); sock_hold(sk); hrtimer_start(&tp->compressed_ack_timer, ns_to_ktime(delay), --=20 2.35.1 From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 969C3C19F29 for ; Mon, 1 Aug 2022 11:49:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230292AbiHALts (ORCPT ); Mon, 1 Aug 2022 07:49:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35144 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231708AbiHALtL (ORCPT ); Mon, 1 Aug 2022 07:49:11 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7B8A83F31C; Mon, 1 Aug 2022 04:48:41 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EF95661210; Mon, 1 Aug 2022 11:48:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 04D9EC433D6; Mon, 1 Aug 2022 11:48:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354520; bh=jSo4xF4m8OnK0v74bY7eInmtx1SwCGLzwrI1ExsX8p0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vhWdgH3IrIAPpQWphhXM8vRxLJlXKbidAIoPLQ3E2xrt09su+ZhuT/6mYkXPx236I 
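Review bot: the __tcp_ack_snd_check() hunk in net/ipv4/tcp_input.c (patch 23/34) annotates only the reader of sysctl_tcp_comp_sack_delay_ns, and nothing in the patch shows the store side; the changelog should say where the write is annotated, since READ_ONCE() by itself only keeps the compiler from tearing or repeating this load. The value goes straight into min_t(unsigned long, ...) and from there into hrtimer_start(), so a one-line comment at the READ_ONCE() stating that the read is lockless and that any value written concurrently is acceptable for the timer would save the next reader the audit.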
nILjyF/xS7hXW0Uu/dEVQlH0t6xrfDoj3MYxKuyaiAR7x0YxPEq7sXC5epLmGRPI7r i1JKnDXaJX4HACpJxaeK3GH889Twn4HJfo9hMkq4=
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Kuniyuki Iwashima, "David S. Miller", Sasha Levin
Subject: [PATCH 5.4 24/34] tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
Date: Mon, 1 Aug 2022 13:47:04 +0200
Message-Id: <20220801114128.948187739@linuxfoundation.org>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Kuniyuki Iwashima

[ Upstream commit 79f55473bfc8ac51bd6572929a679eeb4da22251 ]

While reading sysctl_tcp_comp_sack_nr, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.

Fixes: 9c21d2fc41c0 ("tcp: add tcp_comp_sack_nr sysctl")
Signed-off-by: Kuniyuki Iwashima
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/ipv4/tcp_input.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index f8fa036cfae2..f4e00ff909da 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c 
@@ -5303,7 +5303,7 @@ static void __tcp_ack_snd_check(struct sock *sk, int = ofo_possible) } =20 if (!tcp_is_sack(tp) || - tp->compressed_ack >=3D sock_net(sk)->ipv4.sysctl_tcp_comp_sack_nr) + tp->compressed_ack >=3D READ_ONCE(sock_net(sk)->ipv4.sysctl_tcp_comp_= sack_nr)) goto send_now; =20 if (tp->compressed_ack_rcv_nxt !=3D tp->rcv_nxt) { --=20 2.35.1 From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 372FBC00144 for ; Mon, 1 Aug 2022 11:50:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231726AbiHALuI (ORCPT ); Mon, 1 Aug 2022 07:50:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35900 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231721AbiHALtO (ORCPT ); Mon, 1 Aug 2022 07:49:14 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 038563ED67; Mon, 1 Aug 2022 04:48:44 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D84DA612C6; Mon, 1 Aug 2022 11:48:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DB741C433C1; Mon, 1 Aug 2022 11:48:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354523; bh=UMWnBXZ/6z15jkJ5TpcjEq0X7QC9NJWGksPHannIGe0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jPJxKDWCjCURDSAuQ2SOa7rDthb004TNeRs1UgAAF95B7Mz9yCaT1YEcfneHWkG9T s/njbKJejOZxZXRPlXHHkcOaQl2EDMRuYBcKfO49nraLmhjArvxqTA2StR4Tyfwcz7 vtkHQ6a9YJ0Hzk+BaKw+6tx1DXz4OrnV2b0xWKlw= 
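Review bot: in the __tcp_ack_snd_check() hunk (patch 24/34), wrapping the sysctl in READ_ONCE() inside the condition makes the "tp->compressed_ack >= ..." line much longer than its neighbours; reading sysctl_tcp_comp_sack_nr into a local just above the "if" keeps the comparison readable and makes it obvious that one snapshot of the value decides the "goto send_now". As with the delay sysctl, the changelog mentions only the reader, so it should state how the writer side is handled.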
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Dawid Lukwinski, Michal Maloszewski, Dave Switzer, Tony Nguyen, Jakub Kicinski, Sasha Levin
Subject: [PATCH 5.4 25/34] i40e: Fix interface init with MSI interrupts (no MSI-X)
Date: Mon, 1 Aug 2022 13:47:05 +0200
Message-Id: <20220801114128.986934341@linuxfoundation.org>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Michal Maloszewski

[ Upstream commit 5fcbb711024aac6d4db385623e6f2fdf019f7782 ]

Fix the inability to bring an interface up on a setup with
only MSI interrupts enabled (no MSI-X).
Solution is to add a default number of QPs = 1. This is enough,
since without MSI-X support driver enables only a basic feature set.

Fixes: bc6d33c8d93f ("i40e: Fix the number of queues available to be mapped for use")
Signed-off-by: Dawid Lukwinski
Signed-off-by: Michal Maloszewski
Tested-by: Dave Switzer
Signed-off-by: Tony Nguyen
Link: https://lore.kernel.org/r/20220722175401.112572-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 drivers/net/ethernet/intel/i40e/i40e_main.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethe= rnet/intel/i40e/i40e_main.c index 0610d344fdbf..637f6ed78b48 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_main.c +++ b/drivers/net/ethernet/intel/i40e/i40e_main.c 
@@ -1821,11 +1821,15 @@ static void i40e_vsi_setup_queue_map(struct i40e_vs= i *vsi, * non-zero req_queue_pairs says that user requested a new * queue count via ethtool's set_channels, so use this * value for queues distribution across traffic classes + * We need at least one queue pair for the interface + * to be usable as we see in else statement. */ if (vsi->req_queue_pairs > 0) vsi->num_queue_pairs =3D vsi->req_queue_pairs; else if (pf->flags & I40E_FLAG_MSIX_ENABLED) vsi->num_queue_pairs =3D pf->num_lan_msix; + else + vsi->num_queue_pairs =3D 1; } =20 /* Number of queues per enabled TC */ --=20 2.35.1 From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CBB80C00144 for ; Mon, 1 Aug 2022 11:50:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231836AbiHALuN (ORCPT ); Mon, 1 Aug 2022 07:50:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36140 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231593AbiHALt3 (ORCPT ); Mon, 1 Aug 2022 07:49:29 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A72443AB16; Mon, 1 Aug 2022 04:48:46 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8856161210; Mon, 1 Aug 2022 11:48:46 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 99B9DC433C1; Mon, 1 Aug 2022 11:48:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354526; bh=eQkHLvuFiQC4fCGZQxZG6VEon3kkOfjQUOYlGs5oa7k=; 
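Review bot: in the i40e_vsi_setup_queue_map() hunk (patch 25/34), the comment added above the chain ("We need at least one queue pair for the interface to be usable as we see in else statement.") does not say when the new else branch runs; it is taken whenever req_queue_pairs is 0 and I40E_FLAG_MSIX_ENABLED is clear, so wording it as "without MSI-X, fall back to a single queue pair" would match the changelog. The whole chain sits inside an enclosing block whose condition is outside the hunk, so the changelog should also confirm that num_queue_pairs cannot reach the "Number of queues per enabled TC" code as 0 when that outer condition is false.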
h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NlniTQ6DvIj9NArk1xqExSKMG3GumIRJBLD21cZaBKofiGBQtAgU79LAj0D8pnuCX U8Io1k9gOERSi+6K3qeC7uMy/4y5P1jjUTuBvhb+hgJLHw4C7Exu5WQ6FGlIyDW3kn 5565//9JmTuddrs0on7eOIbVgKlZeTEPW+QNo0xA=
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Duoming Zhou, Marcelo Ricardo Leitner, Jakub Kicinski, Sasha Levin
Subject: [PATCH 5.4 26/34] sctp: fix sleep in atomic context bug in timer handlers
Date: Mon, 1 Aug 2022 13:47:06 +0200
Message-Id: <20220801114129.017510453@linuxfoundation.org>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Duoming Zhou

[ Upstream commit b89fc26f741d9f9efb51cba3e9b241cf1380ec5a ]

There are sleep in atomic context bugs in timer handlers of sctp
such as sctp_generate_t3_rtx_event(), sctp_generate_probe_event(),
sctp_generate_t1_init_event(), sctp_generate_timeout_event(),
sctp_generate_t3_rtx_event() and so on.

The root cause is sctp_sched_prio_init_sid() with GFP_KERNEL parameter
that may sleep could be called by different timer handlers which is in
interrupt context.

One of the call paths that could trigger bug is shown below:

      (interrupt context)
sctp_generate_probe_event
  sctp_do_sm
    sctp_side_effects
      sctp_cmd_interpreter
        sctp_outq_teardown
          sctp_outq_init
            sctp_sched_set_sched
              n->init_sid(..,GFP_KERNEL)
                sctp_sched_prio_init_sid //may sleep

This patch changes gfp_t parameter of init_sid in sctp_sched_set_sched()
from GFP_KERNEL to GFP_ATOMIC in order to prevent sleep in atomic
context bugs.

Fixes: 5bbbbe32a431 ("sctp: introduce stream scheduler foundations")
Signed-off-by: Duoming Zhou
Acked-by: Marcelo Ricardo Leitner
Link: https://lore.kernel.org/r/20220723015809.11553-1-duoming@zju.edu.cn
Signed-off-by: Jakub Kicinski
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/sctp/stream_sched.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/sctp/stream_sched.c b/net/sctp/stream_sched.c index 99e5f69fbb74..a2e1d34f52c5 100644 --- a/net/sctp/stream_sched.c +++ b/net/sctp/stream_sched.c 
@@ -163,7 +163,7 @@ int sctp_sched_set_sched(struct sctp_association *asoc, if (!SCTP_SO(&asoc->stream, i)->ext) continue; =20 - ret =3D n->init_sid(&asoc->stream, i, GFP_KERNEL); + ret =3D n->init_sid(&asoc->stream, i, GFP_ATOMIC); if (ret) goto err; } --=20 2.35.1 From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B56CC19F29 for ; Mon, 1 Aug 2022 11:50:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231849AbiHALuT (ORCPT ); Mon, 1 Aug 2022 07:50:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35714 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231659AbiHALta (ORCPT ); Mon, 1 Aug 2022 07:49:30 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 673C23C16B; Mon, 1 Aug 2022 04:48:49 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 45A2A6122C; Mon, 1 Aug 2022 11:48:49 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 52357C433C1; Mon, 1 Aug 2022 11:48:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354528; bh=OunI6hSDHwul4no2TGTSH/Kz2Ba6zXgedfsNEhkGKDg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=J2BBfVR/C9qx2Z0ZRwBQtp1N/ujIUkwFztAr7NCTvBJ36ug0/C6v8VpnnNYl+k/iO 5TDuxQva0oI+GmircQGLbr8cp6oGVd0pyw3JtM4O3PFS664o7JacDpgH0x4iLA5baY DHNJK9aPwpquRhegJJGIoTblZ+e+VffDl9QlHmBo= 
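Review bot: in the sctp_sched_set_sched() hunk in net/sctp/stream_sched.c (patch 26/34), init_sid() now gets GFP_ATOMIC on every call, not only on the timer path listed in the changelog; atomic allocations cannot wait for reclaim and fail more readily under memory pressure, so callers that are allowed to sleep lose that headroom. Either pass a gfp_t down from the callers, or add a comment at this line saying the function can run in timer (interrupt) context, and confirm that the "goto err" path leaves the streams initialised before the failing one in a consistent state.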
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Domingo Dirutigliano, Florian Westphal, Pablo Neira Ayuso, Sasha Levin
Subject: [PATCH 5.4 27/34] netfilter: nf_queue: do not allow packet truncation below transport header offset
Date: Mon, 1 Aug 2022 13:47:07 +0200
Message-Id: <20220801114129.048052216@linuxfoundation.org>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Florian Westphal

[ Upstream commit 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164 ]

Domingo Dirutigliano and Nicola Guerrera report kernel panic when
sending nf_queue verdict with 1-byte nfta_payload attribute.

The IP/IPv6 stack pulls the IP(v6) header from the packet after the
input hook.

If user truncates the packet below the header size, this skb_pull() will
result in a malformed skb (skb->len < 0).

Fixes: 7af4cc3fa158 ("[NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink")
Reported-by: Domingo Dirutigliano
Signed-off-by: Florian Westphal
Reviewed-by: Pablo Neira Ayuso
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 net/netfilter/nfnetlink_queue.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queu= e.c index 7d3ab08a5a2d..581bd1353a44 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -846,11 +846,16 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, un= signed int queuenum) } =20 static int -nfqnl_mangle(void *data, int data_len, struct nf_queue_entry *e, int diff) +nfqnl_mangle(void *data, unsigned int data_len, struct nf_queue_entry *e, = int diff) { struct sk_buff *nskb; =20 if (diff < 0) { + unsigned int min_len =3D skb_transport_offset(e->skb); + + if (data_len < min_len) + return -EINVAL; + if (pskb_trim(e->skb, data_len)) return -ENOMEM; } else if (diff > 0) { --=20 2.35.1 From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E352FC19F29 for ; Mon, 1 Aug 2022 11:50:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230258AbiHALuW (ORCPT ); Mon, 1 Aug 2022 07:50:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35744 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231310AbiHALtb (ORCPT ); Mon, 1 Aug 2022 07:49:31 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AB1723C8C9; Mon, 1 Aug 2022 04:48:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0B2CB61210; Mon, 1 Aug 2022 11:48:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 18AF4C43140; Mon, 1 Aug 2022 11:48:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354531; bh=wN1+1bl7lUFhlmqzdb0t9pGvMiBru8S6fVSBylcjz6I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
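Review bot: in the nfqnl_mangle() hunk (patch 27/34), min_len is an unsigned int assigned from skb_transport_offset(), which returns int; if that offset were ever negative the conversion would give a very large min_len and every truncation would be rejected with -EINVAL. That fails closed, but a comment stating the assumption (transport header set, at or after skb->data) belongs next to the check. The same hunk changes data_len from int to unsigned int, and the caller is not part of this diff, so the changelog should confirm that the length taken from the netlink attribute cannot arrive here as a wrapped negative value.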
b=OIFM+YfNzinILfGuMakx6iiTMixVh7xo8cycRPPd4cwq+TehLCIrZhlnd/8bPaT1H 6tnfFR9pEoz6b8+U1+8ZVH+NFYZfPmSYi35cZmVnzWzkwOCtNd/eoeatb/QH/p0kON DayGI43hnDIMKork8sKCPoY5TTOQYHeg5qBqJHSo=
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Jason Wang, "Michael S. Tsirkin", Xuan Zhuo, "David S. Miller", Sasha Levin
Subject: [PATCH 5.4 28/34] virtio-net: fix the race between refill work and close
Date: Mon, 1 Aug 2022 13:47:08 +0200
Message-Id: <20220801114129.088165437@linuxfoundation.org>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Jason Wang

[ Upstream commit 5a159128faff151b7fe5f4eb0f310b1e0a2d56bf ]

We try using cancel_delayed_work_sync() to prevent the work from
enabling NAPI. This is insufficient since we don't disable the source
of the refill work scheduling. This means an NAPI poll callback after
cancel_delayed_work_sync() can schedule the refill work then can
re-enable the NAPI that leads to use-after-free [1].

Since the work can enable NAPI, we can't simply disable NAPI before
calling cancel_delayed_work_sync(). So fix this by introducing a
dedicated boolean to control whether or not the work could be
scheduled from NAPI.

[1]
==================================================================
BUG: KASAN: use-after-free in refill_work+0x43/0xd4
Read of size 2 at addr ffff88810562c92e by task kworker/2:1/42

CPU: 2 PID: 42 Comm: kworker/2:1 Not tainted 5.19.0-rc1+ #480
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014
Workqueue: events refill_work
Call Trace:
 dump_stack_lvl+0x34/0x44
 print_report.cold+0xbb/0x6ac
 ? _printk+0xad/0xde
 ? refill_work+0x43/0xd4
 kasan_report+0xa8/0x130
 ? refill_work+0x43/0xd4
 refill_work+0x43/0xd4
 process_one_work+0x43d/0x780
 worker_thread+0x2a0/0x6f0
 ? process_one_work+0x780/0x780
 kthread+0x167/0x1a0
 ? kthread_exit+0x50/0x50
 ret_from_fork+0x22/0x30
 ...

Fixes: b2baed69e605c ("virtio_net: set/cancel work on ndo_open/ndo_stop")
Signed-off-by: Jason Wang
Acked-by: Michael S. Tsirkin
Reviewed-by: Xuan Zhuo
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 drivers/net/virtio_net.c | 37 ++++++++++++++++++++++++++++++++++---
 1 file changed, 34 insertions(+), 3 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e14842fbe3d6..579df7c5411d 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -213,9 +213,15 @@ struct virtnet_info { /* Packet virtio header size */ u8 hdr_len; =20 - /* Work struct for refilling if we run low on memory. */ + /* Work struct for delayed refilling if we run low on memory. */ struct delayed_work refill; =20 + /* Is delayed refill enabled? */ + bool refill_enabled; + + /* The lock to synchronize the access to refill_enabled */ + spinlock_t refill_lock; + /* Work struct for config space updates */ struct work_struct config_work; =20 @@ -319,6 +325,20 @@ static struct page *get_a_page(struct receive_queue *r= q, gfp_t gfp_mask) return p; } =20 +static void enable_delayed_refill(struct virtnet_info *vi) +{ + spin_lock_bh(&vi->refill_lock); + vi->refill_enabled =3D true; + spin_unlock_bh(&vi->refill_lock); +} + +static void disable_delayed_refill(struct virtnet_info *vi) +{ + spin_lock_bh(&vi->refill_lock); + vi->refill_enabled =3D false; + spin_unlock_bh(&vi->refill_lock); +} + static void virtqueue_napi_schedule(struct napi_struct *napi, struct virtqueue *vq) { @@ -1388,8 +1408,12 @@ static int virtnet_receive(struct receive_queue *rq,= int budget, } =20 if (rq->vq->num_free > min((unsigned int)budget, virtqueue_get_vring_size= (rq->vq)) / 2) { - if (!try_fill_recv(vi, rq, GFP_ATOMIC)) - schedule_delayed_work(&vi->refill, 0); + if (!try_fill_recv(vi, rq, GFP_ATOMIC)) { + spin_lock(&vi->refill_lock); + if (vi->refill_enabled) + schedule_delayed_work(&vi->refill, 0); + spin_unlock(&vi->refill_lock); + } } =20 u64_stats_update_begin(&rq->stats.syncp); @@ -1508,6 +1532,8 @@ static int virtnet_open(struct net_device *dev) struct virtnet_info *vi =3D netdev_priv(dev); int i, err; =20 + enable_delayed_refill(vi); + for (i =3D 0; i < vi->max_queue_pairs; i++) { if (i < vi->curr_queue_pairs) /* Make sure we have some buffers: if oom use wq. */ 
@@ -1878,6 +1904,8 @@ static int virtnet_close(struct net_device *dev) struct virtnet_info *vi =3D netdev_priv(dev); int i; =20 + /* Make sure NAPI doesn't schedule refill work */ + disable_delayed_refill(vi); /* Make sure refill_work doesn't re-enable napi! */ cancel_delayed_work_sync(&vi->refill); =20 @@ -2417,6 +2445,8 @@ static int virtnet_restore_up(struct virtio_device *v= dev) =20 virtio_device_ready(vdev); =20 + enable_delayed_refill(vi); + if (netif_running(vi->dev)) { err =3D virtnet_open(vi->dev); if (err) 
@@ -3140,6 +3170,7 @@ static int virtnet_probe(struct virtio_device *vdev) vdev->priv =3D vi; =20 INIT_WORK(&vi->config_work, virtnet_config_changed_work); + spin_lock_init(&vi->refill_lock); =20 /* If we can receive ANY GSO packets, we must allocate large ones. */ if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO4) || --=20 2.35.1 From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55B3CC00144 for ; Mon, 1 Aug 2022 11:51:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231876AbiHALue (ORCPT ); Mon, 1 Aug 2022 07:50:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34204 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231685AbiHALti (ORCPT ); Mon, 1 Aug 2022 07:49:38 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B04CA3FA02; Mon, 1 Aug 2022 04:48:55 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DC31A612C5; Mon, 1 Aug 2022 11:48:54 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B529DC433D7; Mon, 1 Aug 2022 11:48:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354534; bh=LzTJG1XNCjSRF1wHLFmQcTc2ZzSUHNVIbWaXQvT0CFs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=unmoSEC7/BN3iZepgJVn+VsFjMu4YQAxo7iL8EPgpYuut+xpPE+dOKQgKZn+Y8fPc MGiKeJvr1DKB9pr2SEeS5q+wsiIGcVOPyHajyN5PpbJteiri6usLV/GT70BmH25dcv /4d+/P6wxGC6xJJE7tYvjEO9qUYMMN4EOiiEKR44= 
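Review bot: the virtnet_receive() hunk of the virtio_net patch (28/34) takes vi->refill_lock with plain spin_lock(), while enable_delayed_refill() and disable_delayed_refill() use spin_lock_bh(); that pairing is correct only if virtnet_receive() always runs with bottom halves disabled (NAPI poll), and a short comment at the spin_lock() call saying so would keep a later process-context caller from deadlocking against the softirq.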
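Review bot: the virtnet_restore_up() hunk of the virtio_net patch (28/34) calls enable_delayed_refill(vi) and then virtnet_open(), which after this patch sets the flag again, so the running path enables twice; more importantly, the only disable_delayed_refill() call in the diff is in virtnet_close(), and no hunk touches the suspend side. If the freeze path cancels the refill work and stops NAPI without going through virtnet_close(), the window described in the changelog stays open there, so the changelog should say how freeze is covered or the patch should add the matching disable.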
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Chang Rui, Fangrui Song, Leo Yan, Namhyung Kim, Alexander Shishkin, Ian Rogers, Ingo Molnar, Jiri Olsa, Mark Rutland, Peter Zijlstra, Arnaldo Carvalho de Melo, Sasha Levin
Subject: [PATCH 5.4 29/34] perf symbol: Correct address for bss symbols
Date: Mon, 1 Aug 2022 13:47:09 +0200
Message-Id: <20220801114129.124587020@linuxfoundation.org>
X-Mailer: git-send-email 2.37.1
In-Reply-To: <20220801114128.025615151@linuxfoundation.org>
References: <20220801114128.025615151@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Type: text/plain; charset="utf-8"

From: Leo Yan

[ Upstream commit 2d86612aacb7805f72873691a2644d7279ed0630 ]

When using 'perf mem' and 'perf c2c', an issue is observed that tool
reports the wrong offset for global data symbols. This is a common
issue on both x86 and Arm64 platforms.

Let's see an example, for a test program, below is the disassembly for
its .bss section which is dumped with objdump:

  ...

  Disassembly of section .bss:

  0000000000004040 :
          ...

  0000000000004080 :
          ...

  00000000000040c0 :
          ...

  0000000000004100 :
          ...

First we used 'perf mem record' to run the test program and then used
'perf --debug verbose=4 mem report' to observe what's the symbol info
for 'buf1' and 'buf2' structures.

  # ./perf mem record -e ldlat-loads,ldlat-stores -- false_sharing.exe 8
  # ./perf --debug verbose=4 mem report
    ...
    dso__load_sym_internal: adjusting symbol: st_value: 0x40c0 sh_addr: 0x4040 sh_offset: 0x3028
    symbol__new: buf2 0x30a8-0x30e8
    ...
    dso__load_sym_internal: adjusting symbol: st_value: 0x4080 sh_addr: 0x4040 sh_offset: 0x3028
    symbol__new: buf1 0x3068-0x30a8
    ...

The perf tool relies on libelf to parse symbols, in executable and
shared object files, 'st_value' holds a virtual address; 'sh_addr' is
the address at which section's first byte should reside in memory, and
'sh_offset' is the byte offset from the beginning of the file to the
first byte in the section. The perf tool uses below formula to convert
a symbol's memory address to a file address:

  file_address = st_value - sh_addr + sh_offset
                    ^
                    ` Memory address

We can see the final adjusted address ranges for buf1 and buf2 are
[0x30a8-0x30e8) and [0x3068-0x30a8) respectively, apparently this is
incorrect, in the code, the structure for 'buf1' and 'buf2' specifies
compiler attribute with 64-byte alignment.

The problem happens for 'sh_offset', libelf returns it as 0x3028 which
is not 64-byte aligned, combining with disassembly, it's likely libelf
doesn't respect the alignment for .bss section, therefore, it doesn't
return the aligned value for 'sh_offset'.

Suggested by Fangrui Song, ELF file contains program header which
contains PT_LOAD segments, the fields p_vaddr and p_offset in PT_LOAD
segments contain the execution info. A better choice for converting
memory address to file address is using the formula:

  file_address = st_value - p_vaddr + p_offset

This patch introduces elf_read_program_header() which returns the
program header based on the passed 'st_value', then it uses the formula
above to calculate the symbol file address; and the debugging log is
updated respectively.

After applying the change:

  # ./perf --debug verbose=4 mem report
    ...
    dso__load_sym_internal: adjusting symbol: st_value: 0x40c0 p_vaddr: 0x3d28 p_offset: 0x2d28
    symbol__new: buf2 0x30c0-0x3100
    ...
    dso__load_sym_internal: adjusting symbol: st_value: 0x4080 p_vaddr: 0x3d28 p_offset: 0x2d28
    symbol__new: buf1 0x3080-0x30c0
    ...

Fixes: f17e04afaff84b5c ("perf report: Fix ELF symbol parsing")
Reported-by: Chang Rui
Suggested-by: Fangrui Song
Signed-off-by: Leo Yan
Acked-by: Namhyung Kim
Cc: Alexander Shishkin
Cc: Ian Rogers
Cc: Ingo Molnar
Cc: Jiri Olsa
Cc: Mark Rutland
Cc: Peter Zijlstra
Link: https://lore.kernel.org/r/20220724060013.171050-2-leo.yan@linaro.org
Signed-off-by: Arnaldo Carvalho de Melo
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
---
 tools/perf/util/symbol-elf.c | 45 ++++++++++++++++++++++++++++++++----
 1 file changed, 41 insertions(+), 4 deletions(-)

diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c index 2ec0a32da579..0b185b1090ff 100644 --- a/tools/perf/util/symbol-elf.c +++ b/tools/perf/util/symbol-elf.c 
@@ -230,6 +230,33 @@ Elf_Scn *elf_section_by_name(Elf *elf, GElf_Ehdr *ep, return NULL; } =20 +static int elf_read_program_header(Elf *elf, u64 vaddr, GElf_Phdr *phdr) +{ + size_t i, phdrnum; + u64 sz; + + if (elf_getphdrnum(elf, &phdrnum)) + return -1; + + for (i =3D 0; i < phdrnum; i++) { + if (gelf_getphdr(elf, i, phdr) =3D=3D NULL) + return -1; + + if (phdr->p_type !=3D PT_LOAD) + continue; + + sz =3D max(phdr->p_memsz, phdr->p_filesz); + if (!sz) + continue; + + if (vaddr >=3D phdr->p_vaddr && (vaddr < phdr->p_vaddr + sz)) + return 0; + } + + /* Not found any valid program header */ + return -1; +} + static bool want_demangle(bool is_kernel_sym) { return is_kernel_sym ? symbol_conf.demangle_kernel : symbol_conf.demangle; @@ -1091,6 +1118,7 @@ int dso__load_sym(struct dso *dso, struct map *map, s= truct symsrc *syms_ss, sym.st_value); used_opd =3D true; } + /* * When loading symbols in a data mapping, ABS symbols (which * has a value of SHN_ABS in its st_shndx) failed at 
@@ -1127,11 +1155,20 @@ int dso__load_sym(struct dso *dso, struct map *map,= struct symsrc *syms_ss, goto out_elf_end; } else if ((used_opd && runtime_ss->adjust_symbols) || (!used_opd && syms_ss->adjust_symbols)) { + GElf_Phdr phdr; + + if (elf_read_program_header(syms_ss->elf, + (u64)sym.st_value, &phdr)) { + pr_warning("%s: failed to find program header for " + "symbol: %s st_value: %#" PRIx64 "\n", + __func__, elf_name, (u64)sym.st_value); + continue; + } pr_debug4("%s: adjusting symbol: st_value: %#" PRIx64 " " - "sh_addr: %#" PRIx64 " sh_offset: %#" PRIx64 "\n", __func__, - (u64)sym.st_value, (u64)shdr.sh_addr, - (u64)shdr.sh_offset); - sym.st_value -=3D shdr.sh_addr - shdr.sh_offset; + "p_vaddr: %#" PRIx64 " p_offset: %#" PRIx64 "\n", + __func__, (u64)sym.st_value, (u64)phdr.p_vaddr, + (u64)phdr.p_offset); + sym.st_value -=3D phdr.p_vaddr - phdr.p_offset; } =20 demangled =3D demangle_sym(dso, kmodule, elf_name); --=20 2.35.1 From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C07DC19F29 for ; Mon, 1 Aug 2022 11:51:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230406AbiHALvJ (ORCPT ); Mon, 1 Aug 2022 07:51:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35914 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231336AbiHALuF (ORCPT ); Mon, 1 Aug 2022 07:50:05 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 518EE3C8D4; Mon, 1 Aug 2022 04:49:02 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with 
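Review bot: in the new elf_read_program_header() of the perf patch (29/34), the range test "vaddr < phdr->p_vaddr + sz" can wrap when p_vaddr and p_memsz or p_filesz come from a malformed ELF file, and perf routinely parses files it did not build; since "vaddr >= phdr->p_vaddr" is already established on the same line, "vaddr - phdr->p_vaddr < sz" makes the same check without the addition. On the not-found return the caller's phdr holds whichever header was read last, so the function comment should say *phdr is valid only when 0 is returned.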
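Review bot: in the dso__load_sym() hunk at -1127 of the perf patch (29/34), a symbol with no covering PT_LOAD segment now hits pr_warning() followed by "continue", so an object with many such symbols prints one warning per symbol and those symbols are dropped where they were previously adjusted from the section header; consider pr_debug4() like the call just below it, or warning once per DSO, and state in the changelog that skipping is intended. The blank line added by the -1091 hunk is unrelated whitespace and can be dropped from the patch.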
ESMTPS id F098CB81171; Mon, 1 Aug 2022 11:49:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6015FC433C1; Mon, 1 Aug 2022 11:48:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354539; bh=ycTU+HSomfoHdSW0vq0bveUJxpdgzefs1QvVTkOlf5s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GP20LbMIn743X9abfhc5DEfV2Shz2gAcYmkkpY8IR2X0iYk8L/5n5U96ylSp+pK1h Ou/AhBWydM4aInXGsodIj8cx3S2BURUlLkrewvCBYYsc8QbaJehNMqsH1tlV6dNlfL zB30kYod4+5oTRJqNEOqw+PthP+dThSGMC0amDPY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alejandro Lucero , Jakub Kicinski , Sasha Levin Subject: [PATCH 5.4 30/34] sfc: disable softirqs for ptp TX Date: Mon, 1 Aug 2022 13:47:10 +0200 Message-Id: <20220801114129.169784087@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" 
From: Alejandro Lucero

[ Upstream commit 67c3b611d92fc238c43734878bc3e232ab570c79 ]

Sending a PTP packet can imply to use the normal TX driver datapath but invoked from the driver's ptp worker. The kernel generic TX code disables softirqs and preemption before calling specific driver TX code, but the ptp worker does not.

Although current ptp driver functionality does not require it, there are several reasons for doing so:

1) The invoked code is always executed with softirqs disabled for non PTP packets.
2) Better if a ptp packet transmission is not interrupted by softirq handling which could lead to high latencies.
3) netdev_xmit_more used by the TX code requires preemption to be disabled.

Indeed a solution for dealing with kernel preemption state based on static kernel configuration is not possible since the introduction of dynamic preemption level configuration at boot time using the static calls functionality.

Fixes: f79c957a0b537 ("drivers: net: sfc: use netdev_xmit_more helper")
Signed-off-by: Alejandro Lucero
Link: https://lore.kernel.org/r/20220726064504.49613-1-alejandro.lucero-palau@amd.com
Signed-off-by: Jakub Kicinski
Signed-off-by: Sasha Levin
Tested-by: Florian Fainelli
Tested-by: Guenter Roeck
Tested-by: Linux Kernel Functional Testing
Tested-by: Shuah Khan
Tested-by: Sudip Mukherjee
--- drivers/net/ethernet/sfc/ptp.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c index 1fa1b71dbfa1..ed1140ecca60 100644 --- a/drivers/net/ethernet/sfc/ptp.c +++ b/drivers/net/ethernet/sfc/ptp.c 
@@ -1093,7 +1093,29 @@ static void efx_ptp_xmit_skb_queue(struct efx_nic *e= fx, struct sk_buff *skb) =20 tx_queue =3D &ptp_data->channel->tx_queue[type]; if (tx_queue && tx_queue->timestamping) { + /* This code invokes normal driver TX code which is always + * protected from softirqs when called from generic TX code, + * which in turn disables preemption. Look at __dev_queue_xmit + * which uses rcu_read_lock_bh disabling preemption for RCU + * plus disabling softirqs. We do not need RCU reader + * protection here. + * + * Although it is theoretically safe for current PTP TX/RX code + * running without disabling softirqs, there are three good + * reasond for doing so: + * + * 1) The code invoked is mainly implemented for non-PTP + * packets and it is always executed with softirqs + * disabled. + * 2) This being a single PTP packet, better to not + * interrupt its processing by softirqs which can lead + * to high latencies. + * 3) netdev_xmit_more checks preemption is disabled and + * triggers a BUG_ON if not. 
+ */ + local_bh_disable(); efx_enqueue_skb(tx_queue, skb); + local_bh_enable(); } else { WARN_ONCE(1, "PTP channel has no timestamped tx queue\n"); dev_kfree_skb_any(skb); --=20 2.35.1 From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9079C00144 for ; Mon, 1 Aug 2022 11:51:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231654AbiHALvR (ORCPT ); Mon, 1 Aug 2022 07:51:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35666 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230496AbiHALuI (ORCPT ); Mon, 1 Aug 2022 07:50:08 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B7B883C8D7; Mon, 1 Aug 2022 04:49:03 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id F32E46125A; Mon, 1 Aug 2022 11:49:02 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0FEDAC433C1; Mon, 1 Aug 2022 11:49:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354542; bh=56sfNEMTQcxQGZXj9gWrjrjlCxtZaq4OzlBp/NcB63s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Stko80BkiKWtLjNDbOs7NI3aNrcC9ICGZ518Eh0reWm1EzwHyqQamkounubR8Tz7u blo0d2j+rNMu5aIFExbGteToJtIMMF9h619+5N/O97vvhtz4k4wdCjkzXrwq+oJ/8U 2qln56wX5ESYjYMzNEFQBSplk6eoDNk7L7d7pj3A= 
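Review bot: reason 3 in the new comment in efx_ptp_xmit_skb_queue() is about preemption being disabled for netdev_xmit_more, yet the code added below it is local_bh_disable()/local_bh_enable(), and the comment never says that this pair is what is relied on to provide the non-preemptible context. State that dependency explicitly next to reason 3 so the call is not later swapped for something that masks softirqs only. The comment also has a typo, "reasond" for "reasons".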
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Wei Chen , Xin Long , Jakub Kicinski , Sasha Levin Subject: [PATCH 5.4 31/34] sctp: leave the err path free in sctp_stream_init to sctp_stream_free Date: Mon, 1 Aug 2022 13:47:11 +0200 Message-Id: <20220801114129.214903256@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" 
From: Xin Long

[ Upstream commit 181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d ]

A NULL pointer dereference was reported by Wei Chen:

  BUG: kernel NULL pointer dereference, address: 0000000000000000
  RIP: 0010:__list_del_entry_valid+0x26/0x80
  Call Trace:
   sctp_sched_dequeue_common+0x1c/0x90
   sctp_sched_prio_dequeue+0x67/0x80
   __sctp_outq_teardown+0x299/0x380
   sctp_outq_free+0x15/0x20
   sctp_association_free+0xc3/0x440
   sctp_do_sm+0x1ca7/0x2210
   sctp_assoc_bh_rcv+0x1f6/0x340

This happens when calling sctp_sendmsg without connecting to server first. In this case, a data chunk already queues up in send queue of client side when processing the INIT_ACK from server in sctp_process_init() where it calls sctp_stream_init() to alloc stream_in. If it fails to alloc stream_in all stream_out will be freed in sctp_stream_init's err path. Then in the asoc freeing it will crash when dequeuing this data chunk as stream_out is missing.

As we can't free stream out before dequeuing all data from send queue, and this patch is to fix it by moving the err path stream_out/in freeing in sctp_stream_init() to sctp_stream_free() which is eventually called when freeing the asoc in sctp_association_free(). This fix also makes the code in sctp_process_init() more clear.

Note that in sctp_association_init() when it fails in sctp_stream_init(), sctp_association_free() will not be called, and in that case it should go to 'stream_free' err path to free stream instead of 'fail_init'.

Fixes: 5bbbbe32a431 ("sctp: introduce stream scheduler foundations")
Reported-by: Wei Chen
Signed-off-by: Xin Long
Link: https://lore.kernel.org/r/831a3dc100c4908ff76e5bcc363be97f2778bc0b.1658787066.git.lucien.xin@gmail.com
Signed-off-by: Jakub Kicinski
Signed-off-by: Sasha Levin Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- net/sctp/associola.c | 5 ++--- net/sctp/stream.c | 19 +++---------------- 2 files changed, 5 insertions(+), 19 deletions(-) diff --git a/net/sctp/associola.c b/net/sctp/associola.c index fb6f62264e87..f960b0e1e552 100644 --- a/net/sctp/associola.c +++ b/net/sctp/associola.c @@ -224,9 +224,8 @@ static struct sctp_association *sctp_association_init( if (!sctp_ulpq_init(&asoc->ulpq, asoc)) goto fail_init; =20 - if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams, - 0, gfp)) - goto fail_init; + if (sctp_stream_init(&asoc->stream, asoc->c.sinit_num_ostreams, 0, gfp)) + goto stream_free; =20 /* Initialize default path MTU. */ asoc->pathmtu =3D sp->pathmtu; diff --git a/net/sctp/stream.c b/net/sctp/stream.c index cd20638b6151..56762745d6e4 100644 --- a/net/sctp/stream.c +++ b/net/sctp/stream.c @@ -137,7 +137,7 @@ int sctp_stream_init(struct sctp_stream *stream, __u16 = outcnt, __u16 incnt, =20 ret =3D sctp_stream_alloc_out(stream, outcnt, gfp); if (ret) - goto out_err; + return ret; =20 for (i =3D 0; i < stream->outcnt; i++) SCTP_SO(stream, i)->state =3D SCTP_STREAM_OPEN; 
@@ -145,22 +145,9 @@ int sctp_stream_init(struct sctp_stream *stream, __u16= outcnt, __u16 incnt, handle_in: sctp_stream_interleave_init(stream); if (!incnt) - goto out; - - ret =3D sctp_stream_alloc_in(stream, incnt, gfp); - if (ret) - goto in_err; - - goto out; + return 0; =20 -in_err: - sched->free(stream); - genradix_free(&stream->in); -out_err: - genradix_free(&stream->out); - stream->outcnt =3D 0; -out: - return ret; + return sctp_stream_alloc_in(stream, incnt, gfp); } =20 int sctp_stream_init_ext(struct sctp_stream *stream, __u16 sid) --=20 2.35.1 From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D581AC00144 for ; Mon, 1 Aug 2022 11:51:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231736AbiHALvU (ORCPT ); Mon, 1 Aug 2022 07:51:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38906 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231834AbiHALuN (ORCPT ); Mon, 1 Aug 2022 07:50:13 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 424CE3D5A2; Mon, 1 Aug 2022 04:49:06 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id AECCF612AB; Mon, 1 Aug 2022 11:49:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id BDD52C433D6; Mon, 1 Aug 2022 11:49:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354545; bh=ovaRUObMAvZXzLI3pFsi8aRPVpgULcDH1zTnBrKal/Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
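Review bot: in the net/sctp/associola.c hunk, a failing sctp_stream_init() in sctp_association_init() now jumps to stream_free instead of fail_init, but the stream_free label and what it releases lie outside the visible context. Please confirm that stream_free calls sctp_stream_free() and then continues into the fail_init cleanup, because sctp_stream_init() no longer frees anything itself and the commit message says sctp_association_free() is not reached on this path.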
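Review bot: with the in_err and out_err labels removed in the net/sctp/stream.c hunks, sctp_stream_init() can return an error while stream->out is still allocated and stream->outcnt is still set, and nothing on the function tells callers that cleanup is now theirs. Add a comment above sctp_stream_init() stating that on failure the caller must call sctp_stream_free(), and check that sctp_stream_free() covers the sched->free(stream) and genradix_free(&stream->in) steps that the deleted error path performed.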
b=pfmSRLQl6nXVIf5Zf/6the0I0j0z2olZ3hB5NNYIf1Bmr398bJXxWUyV8V07eY/sP tAtbnxfJ183H3sUT0gb2PCP6lOArOLeAJwWY1QCY2X7UAnNEuWPviAfx7MoQuJnUku CLiasNI/gtXNw0iiWUhq+tw4DSO8In8D/jMIDfLQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , "Jason A. Donenfeld" , "Justin M. Forbes" , Ard Biesheuvel , Arnd Bergmann , Nicolas Pitre , Nathan Chancellor , Nick Desaulniers Subject: [PATCH 5.4 32/34] ARM: crypto: comment out gcc warning that breaks clang builds Date: Mon, 1 Aug 2022 13:47:12 +0200 Message-Id: <20220801114129.254984278@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Greg Kroah-Hartman The gcc build warning prevents all clang-built kernels from working properly, so comment it out to fix the build. This is a -stable kernel only patch for now, it will be resolved differently in mainline releases in the future. Cc: "Jason A. Donenfeld" Cc: "Justin M. Forbes" Cc: Ard Biesheuvel Acked-by: Arnd Bergmann Cc: Nicolas Pitre Cc: Nathan Chancellor Cc: Nick Desaulniers Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- arch/arm/lib/xor-neon.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/arch/arm/lib/xor-neon.c +++ b/arch/arm/lib/xor-neon.c 
@@ -26,8 +26,9 @@ MODULE_LICENSE("GPL"); * While older versions of GCC do not generate incorrect code, they fail to * recognize the parallel nature of these functions, and emit plain ARM co= de, * which is known to be slower than the optimized ARM code in asm-arm/xor.= h. + * + * #warning This code requires at least version 4.6 of GCC */ -#warning This code requires at least version 4.6 of GCC #endif =20 #pragma GCC diagnostic ignored "-Wunused-variable" From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 51340C00144 for ; Mon, 1 Aug 2022 11:52:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231950AbiHALwS (ORCPT ); Mon, 1 Aug 2022 07:52:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34580 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231895AbiHALvl (ORCPT ); Mon, 1 Aug 2022 07:51:41 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AAA7B3ED61; Mon, 1 Aug 2022 04:49:32 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id B8A36B8116E; Mon, 1 Aug 2022 11:49:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 26DB0C433D6; Mon, 1 Aug 2022 11:49:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354569; bh=eO/ZtQD8LMvCR0OR1BCQ6/nXAd1L0wr32Z8IaAYC+4k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WXl95/s6CO34L5ZQzfPWCEyB//VgbbQ2EwAw4U5wOMvMnq+ijTuOV7ANs5LDROoSC 
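Review bot: moving the #warning line into the comment block in arch/arm/lib/xor-neon.c leaves a directive-looking line inside prose with no explanation of why it is disabled. Add a sentence to the comment saying that the warning is commented out because it breaks clang builds, so that a later cleanup neither restores it nor deletes it as dead text.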
ZsyROOenBr/5/dowLnkbTE94Tw8y6CRE2tZ8CmjV0uy77c5VtEiV6zJ/DRU3sjjggE NdUmzYt9+RQHB9HSTs4YeKg4rGdekz3XrHtyDz9E= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Wei Mingzhi , Jakub Kicinski , Kalle Valo , Yan Xinyu Subject: [PATCH 5.4 33/34] mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. Date: Mon, 1 Aug 2022 13:47:13 +0200 Message-Id: <20220801114129.292086195@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Wei Mingzhi commit 829eea7c94e0bac804e65975639a2f2e5f147033 upstream. USB device ID of some versions of XiaoDu WiFi Dongle is 2955:1003 instead of 2955:1001. Both are the same mt7601u hardware. Signed-off-by: Wei Mingzhi Acked-by: Jakub Kicinski Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20210618160840.305024-1-whistler@member.fsf.org Cc: Yan Xinyu Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/net/wireless/mediatek/mt7601u/usb.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/wireless/mediatek/mt7601u/usb.c +++ b/drivers/net/wireless/mediatek/mt7601u/usb.c 
@@ -26,6 +26,7 @@ static const struct usb_device_id mt7601 { USB_DEVICE(0x2717, 0x4106) }, { USB_DEVICE(0x2955, 0x0001) }, { USB_DEVICE(0x2955, 0x1001) }, + { USB_DEVICE(0x2955, 0x1003) }, { USB_DEVICE(0x2a5f, 0x1000) }, { USB_DEVICE(0x7392, 0x7710) }, { 0, } From nobody Tue Apr 14 21:15:02 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9400AC19F2D for ; Mon, 1 Aug 2022 11:52:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232020AbiHALwM (ORCPT ); Mon, 1 Aug 2022 07:52:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231859AbiHALvd (ORCPT ); Mon, 1 Aug 2022 07:51:33 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC9FD3E77E; Mon, 1 Aug 2022 04:49:29 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 26F78B8116B; Mon, 1 Aug 2022 11:49:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 474BFC433D6; Mon, 1 Aug 2022 11:49:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1659354566; bh=vYtUgWJOtyovVyFdms+tN1lBrNToWs07uk+ePG6BBiM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=KMXQexf8eWrclj8piMd3UjUfNR31rbM2WMkEDecaD9UQgwvKB8iPRWzI755Jrj239 oowqym1S/kef426lt7jPV48R01UtUIftG6mukKEMBmHNYNzwp/eEhETpiy3WSYANmH N8H/SMHhTfdEs/BhsLRkHC47DKBA4t7kjLRjsb3U= 
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hannes Reinecke , Sumit Saxena , Kashyap Desai , Bart Van Assche , Ewan Milne , Long Li , John Garry , "chenxiang (M)" , Ming Lei , "Martin K. Petersen" , Yu Kuai Subject: [PATCH 5.4 34/34] scsi: core: Fix race between handling STS_RESOURCE and completion Date: Mon, 1 Aug 2022 13:47:14 +0200 Message-Id: <20220801114129.332434263@linuxfoundation.org> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220801114128.025615151@linuxfoundation.org> References: <20220801114128.025615151@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" From: Ming Lei commit 673235f915318ced5d7ec4b2bfd8cb909e6a4a55 upstream. When queuing I/O request to LLD, STS_RESOURCE may be returned because: - Host is in recovery or blocked - Target queue throttling or target is blocked - LLD rejection In these scenarios BLK_STS_DEV_RESOURCE is returned to the block layer to avoid an unnecessary re-run of the queue. However, all of the requests queued to this SCSI device may complete immediately after reading 'sdev->device_busy' and BLK_STS_DEV_RESOURCE is returned to block layer. In that case the current I/O won't get a chance to get queued since it is invisible at that time for both scsi_run_queue_async() and blk-mq's RESTART. Fix the issue by not returning BLK_STS_DEV_RESOURCE in this situation. Link: https://lore.kernel.org/r/20201202100419.525144-1-ming.lei@redhat.com Fixes: 86ff7c2a80cd ("blk-mq: introduce BLK_STS_DEV_RESOURCE") Cc: Hannes Reinecke Cc: Sumit Saxena Cc: Kashyap Desai Cc: Bart Van Assche Cc: Ewan Milne Cc: Long Li Reported-by: John Garry Tested-by: "chenxiang (M)" Signed-off-by: Ming Lei Signed-off-by: Martin K. Petersen Signed-off-by: Yu Kuai 
Signed-off-by: Greg Kroah-Hartman Tested-by: Florian Fainelli Tested-by: Guenter Roeck Tested-by: Linux Kernel Functional Testing Tested-by: Shuah Khan Tested-by: Sudip Mukherjee --- drivers/scsi/scsi_lib.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1719,8 +1719,7 @@ out_put_budget: case BLK_STS_OK: break; case BLK_STS_RESOURCE: - if (atomic_read(&sdev->device_busy) || - scsi_device_blocked(sdev)) + if (scsi_device_blocked(sdev)) ret =3D BLK_STS_DEV_RESOURCE; break; default:
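Review bot: in the BLK_STS_RESOURCE case after out_put_budget, BLK_STS_DEV_RESOURCE is now returned only when scsi_device_blocked(sdev) is true, but the code carries no record of why sdev->device_busy is deliberately not consulted. A short comment above the check, along the lines of the commit message (every request queued to the device may complete right after device_busy is read, leaving nothing to re-run the queue), would keep the atomic_read() test from being reintroduced later.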